CVE-2021-25741 name and description change

dwertent · Sep 22, 2021 · 229e6d5 · 229e6d5
1 parent c011ff1
commit 229e6d5
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 5 deletions.
diff --git a/controls/symlinkexchangecanallowhostfilesystemaccess.json b/controls/symlinkexchangecanallowhostfilesystemaccess.json
@@ -1,9 +1,9 @@
 {
-    "name": "Symlink Exchange Can Allow Host Filesystem Access (CVE-2021-25741)",
+    "name": "Container SubPath volume mount Can Allow Host Filesystem Access (CVE-2021-25741)",
     "attributes": {
         "armoBuiltin": true
     },
-    "description": "A security issue was discovered in Kubernetes where a user may be able to create a container with subPath volume mounts to access files & directories outside of the volume, including on the host filesystem. This was affected at the following versions: v1.22.0 - v1.22.1, v1.21.0 - v1.21.4, v1.20.0 - v1.20.10, version v1.19.14 and lower.",
+    "description": "A user may be able to create a container with subPath volume mounts to access files & directories outside of the volume, including on the host filesystem. This was affected at the following versions: v1.22.0 - v1.22.1, v1.21.0 - v1.21.4, v1.20.0 - v1.20.10, version v1.19.14 and lower. ",
     "remediation": "To mitigate this vulnerability without upgrading kubelet, you can disable the VolumeSubpath feature gate on kubelet and kube-apiserver, and remove any existing Pods making use of the feature.",
     "rulesNames": [
         "Symlink-Exchange-Can-Allow-Host-Filesystem-Access"

diff --git a/frameworks/MITRE.json b/frameworks/MITRE.json
@@ -33,6 +33,6 @@
     "CoreDNS poisoning",
     "Data Destruction",
     "Resource Hijacking",
-    "Symlink Exchange Can Allow Host Filesystem Access (CVE-2021-25741)"
+    "Container SubPath volume mount Can Allow Host Filesystem Access (CVE-2021-25741)"
   ]
 }
diff --git a/frameworks/NSAframework.json b/frameworks/NSAframework.json
@@ -25,6 +25,6 @@
       "Ingress and Egress blocked",
       "Container hostPort",
       "Network policies",
-      "Symlink Exchange Can Allow Host Filesystem Access (CVE-2021-25741)"
+      "Container SubPath volume mount Can Allow Host Filesystem Access (CVE-2021-25741)"
     ]
   }
diff --git a/rules/CVE-2021-25741/rule.metadata.json b/rules/CVE-2021-25741/rule.metadata.json
@@ -26,7 +26,7 @@
     ],
     "ruleDependencies": [
     ],
-    "description": "A security issue was discovered in Kubernetes where a user may be able to create a container with subPath volume mounts to access files & directories outside of the volume, including on the host filesystem. This was affected at the following versions: v1.22.0 - v1.22.1, v1.21.0 - v1.21.4, v1.20.0 - v1.20.10, version v1.19.14 and lower.",
+    "description": "A user may be able to create a container with subPath volume mounts to access files & directories outside of the volume, including on the host filesystem. This was affected at the following versions: v1.22.0 - v1.22.1, v1.21.0 - v1.21.4, v1.20.0 - v1.20.10, version v1.19.14 and lower. ",
     "remediation": "To mitigate this vulnerability without upgrading kubelet, you can disable the VolumeSubpath feature gate on kubelet and kube-apiserver, and remove any existing Pods making use of the feature.",
     "ruleQuery": "armo_builtins"
 }