Upstream information
Description
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| CVSS detail | National Vulnerability Database |
|---|---|
| Base Score | 4.9 |
| Vector | AV:N/AC:M/Au:S/C:P/I:P/A:N |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | Single |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | None |
| CVSS detail | National Vulnerability Database | SUSE |
|---|---|---|
| Base Score | 4.8 | 2.7 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N |
| Attack Vector | Network | Network |
| Attack Complexity | Low | Low |
| Privileges Required | High | High |
| User Interaction | Required | None |
| Scope | Changed | Unchanged |
| Confidentiality Impact | Low | Low |
| Integrity Impact | Low | None |
| Availability Impact | None | None |
| CVSSv3 Version | 3.1 | 3.1 |
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Linux Enterprise Server 16.0 |
| Patchnames: SUSE Linux Enterprise Server 16.0 GA govulncheck-vulndb-0.0.20250814T182633-160000.1.2 |
| openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2025-15424 |
SUSE Timeline for this CVE
CVE page created: Fri Apr 30 15:39:49 2021CVE page last modified: Sun Nov 2 13:01:03 2025