CVE-2021-25743
Summary
| CVE | CVE-2021-25743 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-01-07 00:15:00 UTC |
| Updated | 2022-02-28 15:22:00 UTC |
| Description | kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Kubernetes | Kubernetes | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ANSI escape characters in kubectl output are not being filtered · Issue #101695 · kubernetes/kubernetes · GitHub | CONFIRM | github.com | |
| CVE-2021-25743 Kubernetes Vulnerability in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Eviatar Gerzi
Legacy QID Mappings
- 284120 Fedora Security Update for kubernetes (FEDORA-2023-a1d7a29fe5)