CVE-2021-25741 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-25741 Interim 1 38 2022-09-20T23:51:20Z current 2021-09-16T00:53:43Z 2022-09-20T23:51:20Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-25741 A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2021-September/009446.html E-Mail link for SUSE-CU-2021:318-1 https://lists.suse.com/pipermail/sle-security-updates/2021-September/009459.html E-Mail link for SUSE-CU-2021:322-1 https://lists.suse.com/pipermail/sle-security-updates/2021-September/009460.html E-Mail link for SUSE-CU-2021:325-1 https://lists.suse.com/pipermail/sle-security-updates/2021-September/009461.html E-Mail link for SUSE-CU-2021:328-1 https://lists.suse.com/pipermail/sle-security-updates/2021-September/009462.html E-Mail link for SUSE-CU-2021:330-1 https://lists.suse.com/pipermail/sle-security-updates/2021-October/009550.html E-Mail link for SUSE-CU-2021:375-1 https://lists.suse.com/pipermail/sle-security-updates/2021-October/009553.html E-Mail link for SUSE-CU-2021:385-1 https://lists.suse.com/pipermail/sle-security-updates/2021-October/009554.html E-Mail link for SUSE-CU-2021:386-1 https://lists.suse.com/pipermail/sle-security-updates/2021-October/009555.html E-Mail link for SUSE-CU-2021:387-1 https://lists.suse.com/pipermail/sle-security-updates/2021-October/009556.html E-Mail link for SUSE-CU-2021:388-1 https://lists.suse.com/pipermail/sle-security-updates/2021-September/009444.html E-Mail link for SUSE-SU-2021:3044-1 https://lists.suse.com/pipermail/sle-security-updates/2021-September/009445.html E-Mail link for SUSE-SU-2021:3049-1 https://lists.suse.com/pipermail/sle-security-updates/2021-October/009548.html E-Mail link for SUSE-SU-2021:3322-1 https://lists.suse.com/pipermail/sle-security-updates/2021-October/009549.html E-Mail link for SUSE-SU-2021:3323-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Container caasp/v4/hyperkube:v1.17.17 Container caasp/v4/kubernetes-client:1.17.17 Container caasp/v4/kucero:1.3.0 Container caasp/v4/kured:1.3.0 SUSE CaaS Platform 4.0 SUSE CaaS Platform 4.5 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 caasp-release-4.2.6-24.43.2 caasp-release-4.5.5-1.19.3 kubernetes kubernetes-1.18-kubeadm-1.18.20-4.11.3 kubernetes-1.18-kubelet-1.18.20-4.11.3 kubernetes-client kubernetes-client-1.17.17-4.25.2 kubernetes-common-1.17.17-4.25.2 kubernetes-kubeadm-1.17.17-4.25.2 kubernetes-kubelet-1.17.17-4.25.2 release-notes-caasp-4.2.20210929-4.71.2 release-notes-caasp-4.5.20210907-3.22.3 skuba-1.4.13-3.56.2 skuba-2.1.15-3.15.13.2 skuba-update-1.4.13-3.56.2 skuba-update-2.1.15-3.15.13.2 kubernetes-common-1.17.17-4.25.2 as a component of Container caasp/v4/hyperkube:v1.17.17 kubernetes-client-1.17.17-4.25.2 as a component of Container caasp/v4/kubernetes-client:1.17.17 kubernetes-common-1.17.17-4.25.2 as a component of Container caasp/v4/kubernetes-client:1.17.17 kubernetes-client-1.17.17-4.25.2 as a component of Container caasp/v4/kucero:1.3.0 kubernetes-common-1.17.17-4.25.2 as a component of Container caasp/v4/kucero:1.3.0 kubernetes-client-1.17.17-4.25.2 as a component of Container caasp/v4/kured:1.3.0 kubernetes-common-1.17.17-4.25.2 as a component of Container caasp/v4/kured:1.3.0 caasp-release-4.2.6-24.43.2 as a component of SUSE CaaS Platform 4.0 kubernetes-client-1.17.17-4.25.2 as a component of SUSE CaaS Platform 4.0 kubernetes-common-1.17.17-4.25.2 as a component of SUSE CaaS Platform 4.0 kubernetes-kubeadm-1.17.17-4.25.2 as a component of SUSE CaaS Platform 4.0 kubernetes-kubelet-1.17.17-4.25.2 as a component of SUSE CaaS Platform 4.0 release-notes-caasp-4.2.20210929-4.71.2 as a component of SUSE CaaS Platform 4.0 skuba-1.4.13-3.56.2 as a component of SUSE CaaS Platform 4.0 skuba-update-1.4.13-3.56.2 as a component of SUSE CaaS Platform 4.0 caasp-release-4.5.5-1.19.3 as a component of SUSE CaaS Platform 4.5 kubernetes-1.18-kubeadm-1.18.20-4.11.3 as a component of SUSE CaaS Platform 4.5 kubernetes-1.18-kubelet-1.18.20-4.11.3 as a component of SUSE CaaS Platform 4.5 release-notes-caasp-4.5.20210907-3.22.3 as a component of SUSE CaaS Platform 4.5 skuba-2.1.15-3.15.13.2 as a component of SUSE CaaS Platform 4.5 skuba-update-2.1.15-3.15.13.2 as a component of SUSE CaaS Platform 4.5 kubernetes-client as a component of SUSE Linux Enterprise Module for Public Cloud 12 kubernetes as a component of SUSE Linux Enterprise Module for Public Cloud 12 A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem. CVE-2021-25741 Container caasp/v4/hyperkube:v1.17.17:kubernetes-common-1.17.17-4.25.2 Container caasp/v4/kubernetes-client:1.17.17:kubernetes-client-1.17.17-4.25.2 Container caasp/v4/kubernetes-client:1.17.17:kubernetes-common-1.17.17-4.25.2 Container caasp/v4/kucero:1.3.0:kubernetes-client-1.17.17-4.25.2 Container caasp/v4/kucero:1.3.0:kubernetes-common-1.17.17-4.25.2 Container caasp/v4/kured:1.3.0:kubernetes-client-1.17.17-4.25.2 Container caasp/v4/kured:1.3.0:kubernetes-common-1.17.17-4.25.2 SUSE CaaS Platform 4.0:caasp-release-4.2.6-24.43.2 SUSE CaaS Platform 4.0:kubernetes-client-1.17.17-4.25.2 SUSE CaaS Platform 4.0:kubernetes-common-1.17.17-4.25.2 SUSE CaaS Platform 4.0:kubernetes-kubeadm-1.17.17-4.25.2 SUSE CaaS Platform 4.0:kubernetes-kubelet-1.17.17-4.25.2 SUSE CaaS Platform 4.0:release-notes-caasp-4.2.20210929-4.71.2 SUSE CaaS Platform 4.0:skuba-1.4.13-3.56.2 SUSE CaaS Platform 4.0:skuba-update-1.4.13-3.56.2 SUSE CaaS Platform 4.5:caasp-release-4.5.5-1.19.3 SUSE CaaS Platform 4.5:kubernetes-1.18-kubeadm-1.18.20-4.11.3 SUSE CaaS Platform 4.5:kubernetes-1.18-kubelet-1.18.20-4.11.3 SUSE CaaS Platform 4.5:release-notes-caasp-4.5.20210907-3.22.3 SUSE CaaS Platform 4.5:skuba-2.1.15-3.15.13.2 SUSE CaaS Platform 4.5:skuba-update-2.1.15-3.15.13.2 SUSE Linux Enterprise Module for Public Cloud 12:kubernetes SUSE Linux Enterprise Module for Public Cloud 12:kubernetes-client important 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H