CVE-2021-25741

Files or Directories Accessible to External Parties in go/github.com/kubernetes/kubelet

Identifier

CVE-2021-25741

Package Slug

go/github.com/kubernetes/kubelet

Vulnerability

Files or Directories Accessible to External Parties

Description

A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.

Affected Versions

All versions up to 1.19.14, all versions starting from 1.20.0 up to 1.20.10, all versions starting from 1.21.0 up to 1.21.4, all versions starting from 1.22.0 up to 1.22.1

Solution

Upgrade to version 1.19.15, 1.20.11, 1.21.5, 1.22.2 or above.

Last Modified

2021-10-01

source