CVE-2021-25741

State: PUBLISHED · Published: 2021-09-20 · Updated: 2024-09-16 · Assigner: kubernetes

Description

A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.

CWE

CWE-20 — CWE-20: Improper Input Validation

Affected

Kubernetes / Kubernetes — v=unspecified ≤1.19.14 [affected]; v=unspecified ≤1.20.10 [affected]; v=unspecified ≤1.21.4 [affected]; v=unspecified ≤1.22.1 [affected]

CVSS

3.1 score=8.8 severity=HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

https://groups.google.com/g/kubernetes-security-announce/c/nyfdhK24H7s x_refsource_MISC
https://github.com/kubernetes/kubernetes/issues/104980 x_refsource_MISC
https://security.netapp.com/advisory/ntap-20211008-0006/ x_refsource_CONFIRM

Source

cvelistV5-main/cves/2021/25xxx/CVE-2021-25741.json