CVE-2021-25741

Name: CVE-2021-25741
Description: A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.
NVD Severity: high

References

Type     URI
MLIST    https://groups.google.com/g/kubernetes-security-announce/c/nyfdhK24H7s
CONFIRM  https://github.com/kubernetes/kubernetes/issues/104980
CONFIRM  https://security.netapp.com/advisory/ntap-20211008-0006/

Match rules

CPE URI                                          Source package  Min version  Max version
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*  kubernetes      >= None      <= 1.19.14
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*  kubernetes      >= 1.20.0    <= 1.20.10
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*  kubernetes      >= 1.21.0    <= 1.21.4
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*  kubernetes      >= 1.22.0    <= 1.22.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status