cbcvebase.
CVE-2021-25741
published 2021-09-20

Priority: P3 50
Severity: high, 8.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 6.50% (92.9th percentile)

A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.

Affected

21 ranges
Vendor | Product | Version range | Fixed in
debian | kubernetes | < kubernetes 1.20.5+really1.20.2-1 (bookworm) | kubernetes 1.20.5+really1.20.2-1 (bookworm)
k8s.io | kubernetes | >= 0 < 1.19.15 | 1.19.15
k8s.io | kubernetes | >= 1.20.0 < 1.20.11 | 1.20.11
k8s.io | kubernetes | >= 1.21.0 < 1.21.5 | 1.21.5
k8s.io | kubernetes | >= 1.22.0 < 1.22.2 | 1.22.2
kubernetes | kubernetes | <= 1.19.14 |
kubernetes | kubernetes | >= 0 < 1.20.5+really1.20.2-1 | 1.20.5+really1.20.2-1
kubernetes | kubernetes | >= 0 < 1.20.5+really1.20.2-1 | 1.20.5+really1.20.2-1
kubernetes | kubernetes | >= 0 < 1.20.5+really1.20.2-1 | 1.20.5+really1.20.2-1
kubernetes | kubernetes | >= 0 < 1.20.5+really1.20.2-1 | 1.20.5+really1.20.2-1
kubernetes | kubernetes | 1.20.0 – 1.20.10 |
kubernetes | kubernetes | 1.21.0 – 1.21.4 |
kubernetes | kubernetes | 1.22.0 – 1.22.1 |
kubernetes | kubernetes | unspecified – 1.19.14 |
msrc | cm1_kubernetes-1.19.11_1.19.11-7_on_cbl_mariner_1.0 | |
msrc | cm1_kubernetes-1.19.13_1.19.13-5_on_cbl_mariner_1.0 | |
msrc | cm1_kubernetes-1.20.7_1.20.7-9_on_cbl_mariner_1.0 | |
msrc | cm1_kubernetes-1.20.9_1.20.9-7_on_cbl_mariner_1.0 | |
msrc | cm1_kubernetes-1.21.1_1.21.1-7_on_cbl_mariner_1.0 | |
msrc | cm1_kubernetes-1.21.2_1.21.2-7_on_cbl_mariner_1.0 | |
msrc | cm1_kubernetes_1.21.2-7_on_cbl_mariner_1.0 | |

CVSS provenance

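Source | Version | Score | Severity | Vector
nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvd | v2.0 | 5.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:N
osv | | 8.1 | HIGH |
vendor_debian | | 8.8 | HIGH |
vendor_msrc | | 8.8 | HIGH |
vendor_redhat | | 8.8 | HIGH |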