CVE-2021-25741 log

Severity High
Remote Yes
Type Arbitrary filesystem access
A security issue was discovered in kubelet before version 1.22.2 where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.
Group Package Affected Fixed Severity Status Ticket
AVG-2393 kubelet 1.22.1-1 1.22.2-1 High Fixed

To mitigate this vulnerability without upgrading kubelet, you can disable the VolumeSubpath feature gate on kubelet and kube-apiserver, and remove any existing Pods making use of the feature.

You can also use admission control to prevent less-trusted users from running containers as root to reduce the impact of successful exploitation.