was found in Kubernetes in which users may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem. The issue is affecting the Kubelet component of Kubernetes .
The issue was first reported by Fabricio Voznika and Mark Wolters of Google and posted to Github on Sep 13, 2021 . This vulnerability allows attackers to abuse subPath property of the volumeMounts and access the entire host file system without using the hostPath feature originally intended for this capability.The best way to avoid being affected is to completely disable VolumeSubPath functionality using --feature-gates=”VolumeSubPath=false” parameter of the Kubelet and the apiserver.
To help K8s users understand if their K8s clusters are exposed to CVE-2021-25741, we have added a new feature to- an open-source tool built to identify potential security issues in Kubernetes configuration. It now checks if your K8s clusters are exposed to CVE-2021-25741 and verifies that there are no pods in the cluster that might attempt to use the subPath function.
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Source: hackernoon - 🏆 532. / 51 Read more »
Source: hackernoon - 🏆 532. / 51 Read more »
Source: hackernoon - 🏆 532. / 51 Read more »
Source: hackernoon - 🏆 532. / 51 Read more »
Source: hackernoon - 🏆 532. / 51 Read more »