CVE-2021-25741 - OpenCVE

A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Kubernetes	Kubernetes

Configuration 1 [-]

OR	cpe:2.3:a:kubernetes:kubernetes::::::::
	cpe:2.3:a:kubernetes:kubernetes::::::::
	cpe:2.3:a:kubernetes:kubernetes::::::::
	cpe:2.3:a:kubernetes:kubernetes::::::::

References

Link	Resource
https://github.com/kubernetes/kubernetes/issues/104980	Mitigation Third Party Advisory
https://groups.google.com/g/kubernetes-security-announce/c/nyfdhK24H7s	Mailing List Mitigation
https://security.netapp.com/advisory/ntap-20211008-0006/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: kubernetes

Published:

Updated: 2021-10-08T14:06:36

Reserved: 2021-01-21T00:00:00

Link: CVE-2021-25741

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-09-20T17:15:08.343

Modified: 2021-11-30T22:42:34.020

Link: CVE-2021-25741

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Kubernetes", "vendor": "Kubernetes", "versions": [{"lessThanOrEqual": "1.19.14", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThanOrEqual": "1.20.10", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThanOrEqual": "1.21.4", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThanOrEqual": "1.22.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Fabricio Voznika & Mark Wolters"}], "descriptions": [{"lang": "en", "value": "A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-08T14:06:36", "orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://groups.google.com/g/kubernetes-security-announce/c/nyfdhK24H7s"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/kubernetes/kubernetes/issues/104980"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20211008-0006/"}], "source": {"defect": ["https://github.com/kubernetes/kubernetes/issues/104980"], "discovery": "EXTERNAL"}, "title": "Symlink Exchange Can Allow Host Filesystem Access", "x_ConverterErrors": {"DATE_PUBLIC": {"error": "v4 DATE_PUBLIC is invalid", "message": "hour must be in 0..23"}}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@kubernetes.io", "DATE_PUBLIC": "2021-09-15T121:15:00.000Z", "ID": "CVE-2021-25741", "STATE": "PUBLIC", "TITLE": "Symlink Exchange Can Allow Host Filesystem Access"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Kubernetes", "version": {"version_data": [{"version_affected": "<=", "version_value": "1.19.14"}, {"version_affected": "<=", "version_value": "1.20.10"}, {"version_affected": "<=", "version_value": "1.21.4"}, {"version_affected": "<=", "version_value": "1.22.1"}]}}]}, "vendor_name": "Kubernetes"}]}}, "credit": [{"lang": "eng", "value": "Fabricio Voznika & Mark Wolters"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20: Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://groups.google.com/g/kubernetes-security-announce/c/nyfdhK24H7s", "refsource": "MISC", "url": "https://groups.google.com/g/kubernetes-security-announce/c/nyfdhK24H7s"}, {"name": "https://github.com/kubernetes/kubernetes/issues/104980", "refsource": "MISC", "url": "https://github.com/kubernetes/kubernetes/issues/104980"}, {"name": "https://security.netapp.com/advisory/ntap-20211008-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211008-0006/"}]}, "source": {"defect": ["https://github.com/kubernetes/kubernetes/issues/104980"], "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "assignerShortName": "kubernetes", "cveId": "CVE-2021-25741", "dateReserved": "2021-01-21T00:00:00", "dateUpdated": "2021-10-08T14:06:36", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "294F8F39-19EC-48D3-8013-C35B7E3076B5", "versionEndIncluding": "1.19.14", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "816775F6-5488-47BB-8080-DF5D12D14C69", "versionEndIncluding": "1.20.10", "versionStartIncluding": "1.20.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "A62C3A55-B83B-42E1-B6B1-E7395D2DB930", "versionEndIncluding": "1.21.4", "versionStartIncluding": "1.21.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "6683F913-E546-4C97-A5E7-09FB6FDB0D37", "versionEndIncluding": "1.22.1", "versionStartIncluding": "1.22.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem."}, {"lang": "es", "value": "Se ha detectado un problema de seguridad en Kubernetes en el que un usuario puede ser capaz de crear un contenedor con montajes de volumen de sub-ruta para acceder a archivos y directorios fuera del volumen, incluso en el sistema de archivos del host"}], "id": "CVE-2021-25741", "lastModified": "2021-11-30T22:42:34.020", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "jordan@liggitt.net", "type": "Secondary"}]}, "published": "2021-09-20T17:15:08.343", "references": [{"source": "jordan@liggitt.net", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://github.com/kubernetes/kubernetes/issues/104980"}, {"source": "jordan@liggitt.net", "tags": ["Mailing List", "Mitigation"], "url": "https://groups.google.com/g/kubernetes-security-announce/c/nyfdhK24H7s"}, {"source": "jordan@liggitt.net", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20211008-0006/"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-552"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "jordan@liggitt.net", "type": "Secondary"}]}