CVE-2021-25741
Symlink Exchange Can Allow Host Filesystem Access
Severity Score
8.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.
Se ha detectado un problema de seguridad en Kubernetes en el que un usuario puede ser capaz de crear un contenedor con montajes de volumen de sub-ruta para acceder a archivos y directorios fuera del volumen, incluso en el sistema de archivos del host
A flaw was found in kubernetes. An authorized user can exploit this by creating pods with crafted subpath volume mounts to access files and directories outside of the volume, including on the host node's filesystem.
*Credits:
Fabricio Voznika & Mark Wolters
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-21 CVE Reserved
- 2021-09-20 CVE Published
- 2022-01-19 First Exploit
- 2023-08-07 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
- CWE-552: Files or Directories Accessible to External Parties
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/104980 | Mitigation | |
| https://groups.google.com/g/kubernetes-security-announce/c/nyfdhK24H7s | Mailing List | |
| https://security.netapp.com/advisory/ntap-20211008-0006 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://github.com/Betep0k/CVE-2021-25741 | 2022-01-19 | |
| https://github.com/cdxiaodong/CVE-2021-25741 | 2023-10-19 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2021-25741 | 2021-09-30 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1993749 | 2021-09-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | <= 1.19.14 Search vendor "Kubernetes" for product "Kubernetes" and version " <= 1.19.14" | - |
Affected
| ||||||
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.20.0 <= 1.20.10 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.20.0 <= 1.20.10" | - |
Affected
| ||||||
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.21.0 <= 1.21.4 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.21.0 <= 1.21.4" | - |
Affected
| ||||||
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.22.0 <= 1.22.1 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.22.0 <= 1.22.1" | - |
Affected
| ||||||