Add patch for CVE-2021-25741 #82

Open
2 tasks done
pacoxu opened this issue Sep 16, 2021 · 2 comments · Fixed by #83
Labels
1.17 1.18 help wanted Extra attention is needed priority/high High(7.0≤Score<9.0) CVSS Score CVE
pacoxu commented Sep 16, 2021

Details

kubernetes/kubernetes#104980

A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.

This issue has been rated High (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), and assigned CVE-2021-25741.

Affected Components and Configurations
This bug affects kubelet.

Environments where cluster administrators have restricted the ability to create hostPath mounts are the most seriously affected. Exploitation allows hostPath-like access without use of the hostPath feature, thus bypassing the restriction.

In a default Kubernetes environment, exploitation could be used to obscure misuse of already-granted privileges.

Affected Versions
v1.22.0 - v1.22.1

v1.21.0 - v1.21.4

v1.20.0 - v1.20.10

<= v1.19.14

Fixed Versions
This issue is fixed in the following versions:

v1.22.2

v1.21.5

v1.20.11

v1.19.15

Mitigation
To mitigate this vulnerability without upgrading kubelet, you can disable the VolumeSubpath feature gate on kubelet and kube-apiserver, and remove any existing Pods making use of the feature.

You can also use admission control to prevent less-trusted users from running containers as root to reduce the impact of successful exploitation.

Detection
If you find evidence that this vulnerability has been exploited, please contact security@kubernetes.io

Additional Details
See Kubernetes Issue kubernetes/kubernetes#104980 for more details.

Acknowledgements
This vulnerability was reported by Fabricio Voznika and Mark Wolters of Google.

Thanks as well to Ian Coldwater, Duffie Cooley, Brad Geesaman, and Rory McCune for the thorough security research that led to the discovery of this vulnerability.
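
An added example, not part of the issue or of the Kubernetes advisory: a small audit helper for the mitigation step above. It checks a kubelet version against the affected ranges listed in the advisory and lists Pods whose volume mounts use a subpath, reading data in the shape of `kubectl get pods --all-namespaces -o json`. The function names, the sample data and the choice to report `subPathExpr` mounts together with `subPath` are assumptions of this example.

```python
import re

# First fixed patch release per minor line, from the "Fixed Versions" list above.
FIXED_PATCH = {22: 2, 21: 5, 20: 11, 19: 15}

def kubelet_affected(version):
    """True if a kubelet version string falls in the advisory's affected ranges."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = map(int, m.groups())
    if (major, minor) > (1, 22):
        return False               # newer minor lines are not in the affected list
    if (major, minor) < (1, 19):
        return True                # "<= v1.19.14" covers every older release
    return patch < FIXED_PATCH[minor]

def subpath_mounts(pod_list):
    """List (namespace, pod, container, volume, subpath) for mounts that use a subpath."""
    found = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        for kind in ("initContainers", "containers", "ephemeralContainers"):
            for ctr in spec.get(kind) or []:
                for vm in ctr.get("volumeMounts") or []:
                    # Assumption: subPathExpr mounts are reported alongside subPath.
                    sub = vm.get("subPath") or vm.get("subPathExpr")
                    if sub:
                        found.append((meta.get("namespace"), meta.get("name"),
                                      ctr.get("name"), vm.get("name"), sub))
    return found

# Constructed sample in the shape of `kubectl get pods --all-namespaces -o json`.
SAMPLE = {"items": [
    {"metadata": {"namespace": "web", "name": "site-0"},
     "spec": {"containers": [{"name": "nginx", "volumeMounts": [
         {"name": "content", "mountPath": "/usr/share/nginx/html", "subPath": "html"}]}]}},
    {"metadata": {"namespace": "jobs", "name": "loader"},
     "spec": {"initContainers": [{"name": "prep", "volumeMounts": [
                  {"name": "work", "mountPath": "/work", "subPathExpr": "$(POD_NAME)"}]}],
              "containers": [{"name": "main", "volumeMounts": [
                  {"name": "work", "mountPath": "/work"}]}]}},
]}

if __name__ == "__main__":
    for row in subpath_mounts(SAMPLE):
        print("uses subpath:", *row)
    for v in ("v1.18.20", "v1.21.4", "v1.21.5"):
        print(v, "affected" if kubelet_affected(v) else "not affected")
```

A build that carries a backported fix keeps a version number inside the affected range, so the version check is a first pass rather than proof of exposure.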

@pacoxu pacoxu added priority/high High(7.0≤Score<9.0) CVSS Score CVE 8.8 labels Sep 16, 2021
@wzshiming wzshiming added help wanted Extra attention is needed and removed 8.8 labels Sep 16, 2021
@wzshiming wzshiming reopened this Sep 18, 2021
pacoxu commented Oct 9, 2021

@pacoxu pacoxu added this to the v1.18 milestone Dec 1, 2021
Projects
Status: High priority TODO