High severity · NVD Advisory · Published Sep 20, 2021 · Updated Sep 16, 2024
Symlink Exchange Can Allow Host Filesystem Access
CVE-2021-25741
Description
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| k8s.io/kubernetes (Go) | < 1.19.15 | 1.19.15 |
| k8s.io/kubernetes (Go) | >= 1.20.0, < 1.20.11 | 1.20.11 |
| k8s.io/kubernetes (Go) | >= 1.21.0, < 1.21.5 | 1.21.5 |
| k8s.io/kubernetes (Go) | >= 1.22.0, < 1.22.2 | 1.22.2 |
Affected products
- Range: unspecified
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-f5f7-6478-qm6p (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-25741 (ghsa, ADVISORY)
- github.com/bottlerocket-os/bottlerocket/security/advisories/GHSA-f5f7-6478-qm6p (ghsa, WEB)
- github.com/kubernetes/kubernetes/issues/104980 (ghsa, x_refsource_MISC, WEB)
- groups.google.com/g/kubernetes-security-announce/c/nyfdhK24H7s (ghsa, x_refsource_MISC, WEB)
- security.netapp.com/advisory/ntap-20211008-0006 (ghsa, WEB)
- security.netapp.com/advisory/ntap-20211008-0006/ (mitre, x_refsource_CONFIRM)