CVE-2021-25743

Related Vulnerabilities: CVE-2021-25743  

Description

An improper input validation vulnerability was discovered in Kubernetes. In Kubernetes and the OpenShift Container Platform, terminal escape sequence characters are not sanitized in the free-text fields of various objects. This flaw allows an authenticated user to place escape sequence characters in free-text fields that are later displayed by the `kubectl` or `oc` binaries, which makes it possible to spoof or obscure `kubectl` output.
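As an added example (not the kubectl fix or any Kubernetes project code), the following Go helper neutralizes terminal control characters in an object's free-text field before it is written to a terminal, and a companion check flags such values for audit; the annotation value below is constructed.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// SanitizeForTerminal rewrites C0 control characters (including ESC, 0x1b),
// DEL (0x7f) and C1 control characters (U+0080..U+009F) as visible \x.. or
// \u.... escapes. Tab and newline are kept so multi-line values still render.
// After this, a value can no longer move the cursor, clear the screen or
// recolor the output that follows it.
func SanitizeForTerminal(s string) string {
	var b strings.Builder
	for _, r := range s {
		switch {
		case r == '\t' || r == '\n':
			b.WriteRune(r)
		case r < 0x20 || r == 0x7f:
			fmt.Fprintf(&b, `\x%02x`, r)
		case r >= 0x80 && r <= 0x9f:
			fmt.Fprintf(&b, `\u%04x`, r)
		default:
			b.WriteRune(r)
		}
	}
	return b.String()
}

// ContainsTerminalControl reports whether a value holds any character that
// SanitizeForTerminal would rewrite (Unicode category Cc, except tab/newline).
// Useful as an admission-time or audit check on labels and annotations.
func ContainsTerminalControl(s string) bool {
	return strings.IndexFunc(s, func(r rune) bool {
		return unicode.IsControl(r) && r != '\t' && r != '\n'
	}) >= 0
}

func main() {
	// Constructed annotation value: text followed by a clear-screen and
	// color sequence, the kind of content the advisory describes.
	annotation := "build=ok\x1b[2J\x1b[1;31mAll pods healthy\x1b[0m"
	fmt.Printf("suspicious: %v\n", ContainsTerminalControl(annotation))
	fmt.Printf("NAME   ANNOTATION\ndemo   %s\n", SanitizeForTerminal(annotation))
}
```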

Additional Information

  • Bugzilla 2042418: CVE-2021-25743 kubernetes: kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal
  • (CWE-20|CWE-78): Improper Input Validation or Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • FAQ: Frequently asked questions about CVE-2021-25743