From 229e6d5ca8eefeaf42086eaed029c5c433be5a97 Mon Sep 17 00:00:00 2001
From: yiscah
Date: Wed, 22 Sep 2021 10:16:19 +0300
Subject: [PATCH] CVE-2021-25741 name and description change
---
 controls/symlinkexchangecanallowhostfilesystemaccess.json | 4 ++--
 frameworks/MITRE.json | 2 +-
 frameworks/NSAframework.json | 2 +-
 rules/CVE-2021-25741/rule.metadata.json | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/controls/symlinkexchangecanallowhostfilesystemaccess.json b/controls/symlinkexchangecanallowhostfilesystemaccess.json
index 6773bca8e..a0dff8f75 100644
--- a/controls/symlinkexchangecanallowhostfilesystemaccess.json
+++ b/controls/symlinkexchangecanallowhostfilesystemaccess.json
@@ -1,9 +1,9 @@
 {
- "name": "Symlink Exchange Can Allow Host Filesystem Access (CVE-2021-25741)",
+ "name": "Container SubPath volume mount Can Allow Host Filesystem Access (CVE-2021-25741)",
 "attributes": {
 "armoBuiltin": true
 },
- "description": "A security issue was discovered in Kubernetes where a user may be able to create a container with subPath volume mounts to access files & directories outside of the volume, including on the host filesystem. This was affected at the following versions: v1.22.0 - v1.22.1, v1.21.0 - v1.21.4, v1.20.0 - v1.20.10, version v1.19.14 and lower.",
+ "description": "A user may be able to create a container with subPath volume mounts to access files & directories outside of the volume, including on the host filesystem. This was affected at the following versions: v1.22.0 - v1.22.1, v1.21.0 - v1.21.4, v1.20.0 - v1.20.10, version v1.19.14 and lower. ",
 "remediation": "To mitigate this vulnerability without upgrading kubelet, you can disable the VolumeSubpath feature gate on kubelet and kube-apiserver, and remove any existing Pods making use of the feature.",
 "rulesNames": [
 "Symlink-Exchange-Can-Allow-Host-Filesystem-Access"
diff --git a/frameworks/MITRE.json b/frameworks/MITRE.json
index 1f0ae51be..9dc80db41 100644
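Review bot: The rewritten `description` in the controls hunk no longer says what the listed version ranges belong to: with "discovered in Kubernetes" removed, "This was affected at the following versions" has no subject, even though the `remediation` string indicates the component to check is kubelet. Consider `... including on the host filesystem. Affected kubelet versions: v1.22.0 - v1.22.1, ...` so that someone triaging a finding knows which binary's version to compare; the identical string in the `rules/CVE-2021-25741/rule.metadata.json` hunk needs the same change. The new value also ends with a stray space before the closing quote (`lower. "`). In the same hunk the context line `rulesNames` still lists `Symlink-Exchange-Can-Allow-Host-Filesystem-Access`, so the control's display name and its rule identifier now describe the issue differently; this presumably still resolves as long as the rule's own name (not visible in these hunks) is unchanged, but it is worth a comment in the PR or a follow-up rename.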
--- a/frameworks/MITRE.json
+++ b/frameworks/MITRE.json
@@ -33,6 +33,6 @@
 "CoreDNS poisoning",
 "Data Destruction",
 "Resource Hijacking",
- "Symlink Exchange Can Allow Host Filesystem Access (CVE-2021-25741)"
+ "Container SubPath volume mount Can Allow Host Filesystem Access (CVE-2021-25741)"
 ]
 }
diff --git a/frameworks/NSAframework.json b/frameworks/NSAframework.json
index 51b2cb3d3..1fdf818c6 100644
--- a/frameworks/NSAframework.json
+++ b/frameworks/NSAframework.json
@@ -25,6 +25,6 @@
 "Ingress and Egress blocked",
 "Container hostPort",
 "Network policies",
- "Symlink Exchange Can Allow Host Filesystem Access (CVE-2021-25741)"
+ "Container SubPath volume mount Can Allow Host Filesystem Access (CVE-2021-25741)"
 ]
 }
diff --git a/rules/CVE-2021-25741/rule.metadata.json b/rules/CVE-2021-25741/rule.metadata.json
index f981bd9fc..3cada8ac8 100644
--- a/rules/CVE-2021-25741/rule.metadata.json
+++ b/rules/CVE-2021-25741/rule.metadata.json
@@ -26,7 +26,7 @@
 ],
 "ruleDependencies": [
 ],
- "description": "A security issue was discovered in Kubernetes where a user may be able to create a container with subPath volume mounts to access files & directories outside of the volume, including on the host filesystem. This was affected at the following versions: v1.22.0 - v1.22.1, v1.21.0 - v1.21.4, v1.20.0 - v1.20.10, version v1.19.14 and lower.",
+ "description": "A user may be able to create a container with subPath volume mounts to access files & directories outside of the volume, including on the host filesystem. This was affected at the following versions: v1.22.0 - v1.22.1, v1.21.0 - v1.21.4, v1.20.0 - v1.20.10, version v1.19.14 and lower. ",
 "remediation": "To mitigate this vulnerability without upgrading kubelet, you can disable the VolumeSubpath feature gate on kubelet and kube-apiserver, and remove any existing Pods making use of the feature.",
 "ruleQuery": "armo_builtins"
 }
\ No newline at end of file