Bug 1993749 (CVE-2021-25741) - CVE-2021-25741 kubernetes: Symlink exchange can allow host filesystem access
Summary: CVE-2021-25741 kubernetes: Symlink exchange can allow host filesystem access
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-25741
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1993752 1993753 1993754 1993755 1993756
Blocks: 1993750
TreeView+ depends on / blocked
 
Reported: 2021-08-16 05:16 UTC by Sam Fowler
Modified: 2024-12-20 20:42 UTC (History)
26 users (show)

Fixed In Version: kubernetes 1.22.2, kubernetes 1.21.5, kubernetes 1.20.11, kubernetes 1.19.15
Clone Of:
Environment:
Last Closed: 2021-09-28 06:21:07 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:3631 0 None None None 2021-09-27 19:07:02 UTC
Red Hat Product Errata RHSA-2021:3635 0 None None None 2021-09-29 14:24:22 UTC
Red Hat Product Errata RHSA-2021:3642 0 None None None 2021-09-29 11:46:41 UTC
Red Hat Product Errata RHSA-2021:3646 0 None None None 2021-09-30 19:29:03 UTC

Description Sam Fowler 2021-08-16 05:16:20 UTC 
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.

Environments where cluster administrators have restricted the ability to create hostPath mounts are the most seriously affected. Exploitation allows hostPath-like access without use of the hostPath feature, thus bypassing the restriction.

In a default Kubernetes environment, exploitation could be used to obscure misuse of already-granted privileges.
Comment 31 Sam Fowler 2021-09-16 01:45:30 UTC 
Upstream issue:

https://github.com/kubernetes/kubernetes/issues/104980
Comment 34 errata-xmlrpc 2021-09-27 19:07:00 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.8

Via RHSA-2021:3631 https://access.redhat.com/errata/RHSA-2021:3631
Comment 35 Product Security DevOps Team 2021-09-28 06:21:07 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-25741
Comment 36 errata-xmlrpc 2021-09-29 11:46:38 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.6

Via RHSA-2021:3642 https://access.redhat.com/errata/RHSA-2021:3642
Comment 37 errata-xmlrpc 2021-09-29 14:24:21 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.7

Via RHSA-2021:3635 https://access.redhat.com/errata/RHSA-2021:3635
Comment 38 errata-xmlrpc 2021-09-30 19:29:00 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 3.11

Via RHSA-2021:3646 https://access.redhat.com/errata/RHSA-2021:3646
Note You need to log in before you can comment on or make changes to this bug.