Symlink File Overwrite Affecting github.com/kubernetes/kubernetes package, versions >=1.22.0 <1.22.2, >=1.21.0 <1.21.5, >=1.20.0 <1.20.11, <1.19.15


Severity: high

  • Attack Complexity: Low
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • snyk-id: SNYK-GOLANG-GITHUBCOMKUBERNETESKUBERNETES-1585629
  • published: 16 Sep 2021
  • disclosed: 15 Sep 2021
  • credit: Fabricio Voznika, Mark Wolters

How to fix?

Upgrade github.com/kubernetes/kubernetes to version 1.22.2, 1.21.5, 1.20.11, 1.19.15 or higher.
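
The affected ranges and fixed releases listed in this advisory, turned into a check you can run over kubelet or control-plane version strings. This is an added example, not code from Snyk or the Kubernetes project; `Affected` is a hypothetical helper name and the node inventory in `main` is constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// First fixed patch release per minor line, taken from the advisory's
// "How to fix?" section: 1.22.2, 1.21.5, 1.20.11, 1.19.15.
var firstFixed = map[int]int{22: 2, 21: 5, 20: 11, 19: 15}

// Accepts "1.21.4", "v1.21.4" and vendor builds such as "v1.21.4-gke.100".
var versionRe = regexp.MustCompile(`^v?(\d+)\.(\d+)\.(\d+)`)

// Affected reports whether a Kubernetes version falls in the advisory's
// ranges: >=1.22.0 <1.22.2, >=1.21.0 <1.21.5, >=1.20.0 <1.20.11, <1.19.15.
// Assumption: build suffixes after the patch number are ignored, so a vendor
// build is judged by its upstream patch level only.
func Affected(version string) (bool, error) {
	m := versionRe.FindStringSubmatch(version)
	if m == nil {
		return false, fmt.Errorf("unrecognised version %q", version)
	}
	major, _ := strconv.Atoi(m[1])
	minor, _ := strconv.Atoi(m[2])
	patch, _ := strconv.Atoi(m[3])
	switch {
	case major < 1 || (major == 1 && minor < 19):
		return true, nil // everything below 1.19.15 is listed as affected
	case major > 1:
		return false, nil
	}
	fix, listed := firstFixed[minor]
	return listed && patch < fix, nil // minors above 1.22 are not listed
}

func main() {
	// Constructed node inventory (name -> kubelet version), not real data.
	nodes := map[string]string{"node-a": "v1.21.4", "node-b": "v1.22.2", "node-c": "v1.20.10-gke.301"}
	for name, v := range nodes {
		hit, err := Affected(v)
		fmt.Printf("%s %s affected=%v err=%v\n", name, v, hit, err)
	}
}
```

Vendor distributions sometimes backport fixes without changing the upstream patch number, so treat a positive result for a suffixed build as a prompt to check the vendor's own release notes.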

Overview

github.com/kubernetes/kubernetes is a production-grade container scheduling and management system.

Affected versions of this package are vulnerable to Symlink File Overwrite. A symlink exchange can allow host filesystem access. A flaw was found in Kubernetes where an authorized user can create pods with crafted subpath volume mounts to access files and directories outside of the volume, including on the host node's filesystem.