Kubernetes subpath volume mount escape — allows container workloads to read/write host files outside their volume boundaries. Update Kubernetes. Enforce PodSecurityAdmission policies restricting allowPrivilegeEscalation and hostPath volumes.
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files and directories outside of the volume.
Exploit-DB.ai delivers real-time AI-triaged zero-day alerts directly to your inbox.
Activate Supernova →