ALT-PU-2021-3547-1
Package kubernetes updated to version 1.22.4-alt2 for branch p10 in task 291658.
Closed vulnerabilities
Published: 2021-09-28
BDU:2021-06196
Уязвимость программы для оркестровки контейнеризированных приложений Kubernetes, связанная с недостатками разграничения доступа, позволяющая нарушителю обойти введенные ограничения безопасности
Severity: HIGH (8.8)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2021-09-20
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-25741
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.
Severity: HIGH (8.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
References:
- https://github.com/kubernetes/kubernetes/issues/104980
- https://github.com/kubernetes/kubernetes/issues/104980
- https://groups.google.com/g/kubernetes-security-announce/c/nyfdhK24H7s
- https://groups.google.com/g/kubernetes-security-announce/c/nyfdhK24H7s
- https://security.netapp.com/advisory/ntap-20211008-0006/
- https://security.netapp.com/advisory/ntap-20211008-0006/