CVE-2021-25743
published 2022-01-07
Priority P4 · 11 · low · 3 · CVSS 3.1
AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
EPSS: 0.78% (51.2th percentile)
kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | kubernetes | < kubernetes 1.20.5+really1.20.2-1.1 (bookworm) | kubernetes 1.20.5+really1.20.2-1.1 (bookworm) |
| k8s.io | kubernetes | >= 0 < 1.26.0-alpha.3 | 1.26.0-alpha.3 |
| kubernetes | kubernetes | <= 1.25.0 | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | >= 0 < 1.20.5+really1.20.2-1.1 | 1.20.5+really1.20.2-1.1 |
| kubernetes | kubernetes | >= 0 < 1.31.4+ds-1 | 1.31.4+ds-1 |
| kubernetes | kubernetes | >= 0 < 1.31.4+ds-1 | 1.31.4+ds-1 |
| kubernetes | kubernetes | unspecified – 1.23.1 | — |
CVSS provenance
nvd · v3.1 · 3.0 · LOW · CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
nvd · v2.0 · 2.1 · LOW · AV:N/AC:H/Au:S/C:N/I:P/A:N
osv · 3.0 · LOW
vendor_debian · 3.0 · LOW
vendor_redhat · 3.0 · LOW
Red Hat
kubernetes: kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal
vendor_redhat·2022-01-06·CVSS 3.0
CVE-2021-25743 [LOW] CWE-838 kubernetes: kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal
kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.
Package: rhacm2/agent-service-rhel8 (Red Hat Advanced Cluster Management for Kubernetes 2) - Fix deferred
Package: kubernetes (Red Hat Ansible Automation Platform 1.2) - Affected
Package: kubernetes (Red Hat Ansible Tower 3) - Affected
Package: atomic-o
Debian
CVE-2021-25743: kubernetes - kubectl does not neutralize escape, meta or control sequences contained in the r...
vendor_debian·2021·CVSS 3.0
CVE-2021-25743 [LOW] CVE-2021-25743: kubernetes - kubectl does not neutralize escape, meta or control sequences contained in the r...
kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.
Scope: local
bookworm: resolved (fixed in 1.20.5+really1.20.2-1.1)
bullseye: open
forky: resolved (fixed in 1.31.4+ds-1)
sid: resolved (fixed in 1.31.4+ds-1)
trixie: resolved (fixed in 1.31.4+ds-1)
OSV
ANSI escape characters not filtered in kubectl in k8s.io/kubernetes
osv·2024-08-21
CVE-2021-25743 ANSI escape characters not filtered in kubectl in k8s.io/kubernetes
OSV
kubectl ANSI escape characters not filtered
osv·2022-01-08
CVE-2021-25743 [LOW] kubectl ANSI escape characters not filtered
kubectl (k8s.io/kubernetes/pkg/kubectl) does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.
GHSA
kubectl ANSI escape characters not filtered
ghsa·2022-01-08
CVE-2021-25743 [LOW] CWE-150 kubectl ANSI escape characters not filtered
kubectl (k8s.io/kubernetes/pkg/kubectl) does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.
OSV
CVE-2021-25743: kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal
osv·2022-01-07·CVSS 3.0
CVE-2021-25743 [LOW] CVE-2021-25743: kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal
kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.
No detection rules found.
No public exploits indexed.
Published: 2022-01-07