Описание
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.
A flaw was found in kubernetes. An authorized user can exploit this by creating pods with crafted subpath volume mounts to access files and directories outside of the volume, including on the host node's filesystem.
Меры по смягчению последствий
OpenShift Container Platform runs with SELinux in enforcing mode, which reduces the impact of this vulnerability, but does not completely prevent it from being exploited.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 4 | openshift4/ose-alibaba-cloud-csi-driver-container-rhel8 | Affected | ||
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift | Fixed | RHSA-2021:3646 | 30.09.2021 |
| Red Hat OpenShift Container Platform 4.6 | openshift | Fixed | RHSA-2021:3642 | 29.09.2021 |
| Red Hat OpenShift Container Platform 4.7 | openshift | Fixed | RHSA-2021:3635 | 29.09.2021 |
| Red Hat OpenShift Container Platform 4.8 | openshift | Fixed | RHSA-2021:3631 | 28.09.2021 |
Показывать по
Дополнительная информация
Статус:
8.8 High
CVSS3
Связанные уязвимости
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.
A security issue was discovered in Kubernetes where a user may be able ...
Files or Directories Accessible to External Parties in kubernetes
Уязвимость программы для оркестровки контейнеризированных приложений Kubernetes, связанная с недостатками разграничения доступа, позволяющая нарушителю обойти введенные ограничения безопасности
8.8 High
CVSS3