https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2021-25735_Kubernetes_%E5%87%86%E5%85%A5%E6%A9%9F%E5%88%B6%E7%B9%9E%E9%81%8E%E6%BC%8F%E6%B4%9E
CVE-2021-25735 Kubernetes 准入機制繞過漏洞 - Revision history
2026-04-20T11:07:16Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=CVE-2021-25735_Kubernetes_%E5%87%86%E5%85%A5%E6%A9%9F%E5%88%B6%E7%B9%9E%E9%81%8E%E6%BC%8F%E6%B4%9E&diff=3040&oldid=prev
Pwnwiki: Created page with "==影響版本== <pre> kube-apiserver v1.20.0 - v1.20.5 kube-apiserver v1.19.0 - v1.19.9 kube-apiserver <= v1.18.17 </pre> ==漏洞利用== 通過執行組合操作將changeA..."
2021-05-22T02:30:05Z
<p>Created page with "==影響版本== <pre> kube-apiserver v1.20.0 - v1.20.5 kube-apiserver v1.19.0 - v1.19.9 kube-apiserver <= v1.18.17 </pre> ==漏洞利用== 通過執行組合操作將changeA..."</p>
<p><b>New page</b></p><div>==影響版本==<br />
<pre><br />
kube-apiserver v1.20.0 - v1.20.5<br />
kube-apiserver v1.19.0 - v1.19.9<br />
kube-apiserver <= v1.18.17<br />
</pre><br />
<br />
==漏洞利用==<br />
通過執行組合操作將changeAllowed標籤更改為true並添加一個新標籤,觸發該漏洞,新的值已被准入控制器覆蓋:<br />
<pre><br />
labels: <br />
test: test <br />
changeAllowed: "true"<br />
</pre><br />
<br />
==參考==<br />
https://sysdig.com/blog/cve-2021-25735-kubernetes-admission-bypass/<br />
<br />
https://sysdig.com/blog/cve-2021-25735-kubernetes-admission-bypass/<br />
<br />
https://github.com/darryk10/CVE-2021-25735<br />
<br />
https://nvd.nist.gov/vuln/detail/CVE-2021-25735<br />
<br />
https://cloud.google.com/kubernetes-engine/docs/security-bulletins</div>
Pwnwiki