1. Home
  2. Vulnerabilities
  3. CVE-2021-25741

CVE-2021-25741

CVSS v3.1 8.1 (High)
81% Progress
CVSS v2.0 5.5 (Medium)
55% Progress
EPSS 0.10 % (42th)
0.10% Progress
Affected Products 1
Advisories 2
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.

Weaknesses
CWE-20
Improper Input Validation
CWE-552
Files or Directories Accessible to External Parties
CVE Status
PUBLISHED
CNA
Kubernetes
Published Date
2021-09-20 17:15:08
(3 years ago)
Updated Date
2021-11-30 22:42:34
(2 years ago)

Affected Products

Kubernetes

Configuration #1

    CPE23 From Up To
  Kubernetes 1.19.14 and prior versions cpe:2.3:a:kubernetes:kubernetes <= 1.19.14
  Kubernetes from 1.20.0 version and 1.20.10 and prior versions cpe:2.3:a:kubernetes:kubernetes >= 1.20.0 <= 1.20.10
  Kubernetes from 1.21.0 version and 1.21.4 and prior versions cpe:2.3:a:kubernetes:kubernetes >= 1.21.0 <= 1.21.4
  Kubernetes from 1.22.0 version and 1.22.1 and prior versions cpe:2.3:a:kubernetes:kubernetes >= 1.22.0 <= 1.22.1