ANSI escape characters in kubectl output are not being filtered
CVE-2021-25743

3 LOW

Key Information:

Vendor: Kubernetes
CVE Published: 7 January 2022

What is CVE-2021-25743?

kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.

Affected Version(s)

Kubernetes <= 1.23.1

Kubernetes <= 1.22.5

Kubernetes <= 1.21.8

CVSS V3.1

Score: 3
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Eviatar Gerzi