CVE-2021-25743

LOW severity · CVSS 3 · CWE-150

3CVSS LOW

Summary

kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.

Impact & exploitability

Attack vectorNetwork

Attack complexityHigh

Privileges requiredLow

User interactionRequired

Confidentiality impactNone

Integrity impactLow

Availability impactNone

Exploit probability (EPSS)0%

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N

Affected products we track (1)

Kubernetes

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information

NVD record
https://github.com/kubernetes/kubernetes/issues/101695Advisory
https://github.com/kubernetes/kubernetes/issues/101695Advisory
https://security.netapp.com/advisory/ntap-20220217-0003/Advisory
https://security.netapp.com/advisory/ntap-20220217-0003/Advisory