CVE-2021-25741 — Improper Input Validation in Kubernetes

CWE-20 — Improper Input Validation CWE-552 — Files or Directories Accessible to External Parties CWE-59 — Link Following9 documents7 sources

Severity

8.1HIGHNVD

CNA8.8

EPSS

33.0%

top 3.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Kubernetes K8s.io Kubernetes

Timeline

PublishedSep 20

Latest updateAug 21

Description

A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages4 packages

▶Gok8s.io/kubernetes1.20.0 — 1.20.11+3

▶Debiankubernetes/kubernetes< 1.20.5+really1.20.2-1+3

▶CVEListV5kubernetes/kubernetesunspecified — 1.19.14+3

▶NVDkubernetes/kubernetes1.20.0 — 1.20.10+3

🔴Vulnerability Details

OSV

Files or Directories Accessible to External Parties in kubernetes in k8s.io/kubernetes↗2024-08-21

▶

OSV

Files or Directories Accessible to External Parties in kubernetes↗2021-11-01

▶

GHSA

Files or Directories Accessible to External Parties in kubernetes↗2021-11-01

▶

OSV

CVE-2021-25741: A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories↗2021-09-20

▶

CVEList

Symlink Exchange Can Allow Host Filesystem Access↗2021-09-20

▶

📋Vendor Advisories

Red Hat

kubernetes: Symlink exchange can allow host filesystem access↗2021-09-15

▶

Microsoft

Symlink Exchange Can Allow Host Filesystem Access↗2021-09-14

▶

Debian

CVE-2021-25741: kubernetes - A security issue was discovered in Kubernetes where a user may be able to create...↗2021

▶