High severity · NVD Advisory · Published Sep 20, 2021 · Updated Sep 16, 2024
Symlink Exchange Can Allow Host Filesystem Access
CVE-2021-25741
Description
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| k8s.io/kubernetes (Go) | < 1.19.15 | 1.19.15 |
| k8s.io/kubernetes (Go) | >= 1.20.0, < 1.20.11 | 1.20.11 |
| k8s.io/kubernetes (Go) | >= 1.21.0, < 1.21.5 | 1.21.5 |
| k8s.io/kubernetes (Go) | >= 1.22.0, < 1.22.2 | 1.22.2 |
Affected products
References
- github.com/advisories/GHSA-f5f7-6478-qm6p (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-25741 (ghsa, ADVISORY)
- github.com/bottlerocket-os/bottlerocket/security/advisories/GHSA-f5f7-6478-qm6p (ghsa, WEB)
- github.com/kubernetes/kubernetes/issues/104980 (ghsa, x_refsource_MISC, WEB)
- groups.google.com/g/kubernetes-security-announce/c/nyfdhK24H7s (ghsa, x_refsource_MISC, WEB)
- security.netapp.com/advisory/ntap-20211008-0006 (ghsa, WEB)
- security.netapp.com/advisory/ntap-20211008-0006/ (mitre, x_refsource_CONFIRM)