Kubernetes New High Severity Vulnerability CVE-2021-25741 – Are You Exposed? | HackerNoon


By twitter.com/armosec. Tags: kubernetes, vulnerability.

CVE-2021-25741 was found in Kubernetes: users may be able to create a container with subPath volume mounts to access files and directories outside of the volume, including on the host filesystem. The issue affects the Kubelet component of Kubernetes.

The issue was first reported by Fabricio Voznika and Mark Wolters of Google and posted to GitHub on Sep 13, 2021. This vulnerability allows attackers to abuse the subPath property of volumeMounts and access the entire host file system without using the hostPath feature originally intended for this capability. The best way to avoid being affected is to completely disable the VolumeSubPath functionality using the --feature-gates="VolumeSubPath=false" parameter of the Kubelet and the apiserver.

To help K8s users understand if their K8s clusters are exposed to CVE-2021-25741, we have added a new feature to- an open-source tool built to identify potential security issues in Kubernetes configuration. It now checks if your K8s clusters are exposed to CVE-2021-25741 and verifies that there are no pods in the cluster that might attempt to use the subPath function.
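The kind of exposure check described above can be sketched as follows. This is an added example, not code from the article or from the tool it refers to: it lists every container volume mount that sets subPath and tests whether a feature-gates value turns the gate off. The pod data is constructed, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `kubectl get pods -A -o json` output; not real cluster data.
SAMPLE_POD_LIST = json.loads("""
{"items": [
  {"metadata": {"namespace": "web", "name": "frontend"},
   "spec": {"containers": [{"name": "nginx", "volumeMounts": [
     {"name": "site", "mountPath": "/usr/share/nginx/html", "subPath": "html"}]}]}},
  {"metadata": {"namespace": "jobs", "name": "migrate"},
   "spec": {"initContainers": [{"name": "prep", "volumeMounts": [
     {"name": "work", "mountPath": "/work", "subPathExpr": "$(POD_NAME)"}]}],
            "containers": [{"name": "run", "volumeMounts": [
     {"name": "work", "mountPath": "/work"}]}]}},
  {"metadata": {"namespace": "kube-system", "name": "dns"}, "spec": {"containers": [{"name": "coredns"}]}}
]}
""")

SUBPATH_FIELDS = ("subPath", "subPathExpr")  # subPathExpr: added here, beyond the article


def find_subpath_mounts(pod_list):
    """Return one finding per volumeMount that sets a non-empty subPath field."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        for kind in ("initContainers", "containers"):
            for ctr in spec.get(kind) or []:
                for mount in ctr.get("volumeMounts") or []:
                    for field in SUBPATH_FIELDS:
                        if mount.get(field):
                            findings.append({"namespace": meta.get("namespace"), "pod": meta.get("name"),
                                             "container": ctr.get("name"), "volume": mount.get("name"),
                                             "field": field, "value": mount[field]})
    return findings


def subpath_gate_disabled(feature_gates):
    """True only if a --feature-gates value explicitly sets the subpath gate to false."""
    # Name matched case-insensitively: the article writes VolumeSubPath, upstream spells it VolumeSubpath.
    for pair in feature_gates.strip('"').split(","):
        name, _, value = pair.partition("=")
        if name.strip().lower() == "volumesubpath":
            return value.strip().lower() == "false"
    return False


if __name__ == "__main__":
    for f in find_subpath_mounts(SAMPLE_POD_LIST):
        print("{namespace}/{pod} container={container} volume={volume} {field}={value}".format(**f))
```

An empty result from the scan together with a disabled gate matches the state the article recommends; any finding names a pod to review before the gate is turned off.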
