{"containers": {"cna": {"affected": [{"product": "Kubernetes", "vendor": "Kubernetes", "versions": [{"lessThanOrEqual": "1.23.1", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "unknown", "version": "next of 1.23.1", "versionType": "custom"}, {"lessThanOrEqual": "1.22.5", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "unknown", "version": "next of 1.22.5", "versionType": "custom"}, {"lessThanOrEqual": "1.21.8", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "unknown", "version": "next of 1.21.8", "versionType": "custom"}, {"lessThanOrEqual": "1.20.14", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "unknown", "version": "next of 1.20.14", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Eviatar Gerzi"}], "datePublic": "2021-05-02T00:00:00", "descriptions": [{"lang": "en", "value": "kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-150", "description": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-02-17T17:06:37", "orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/kubernetes/kubernetes/issues/101695"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20220217-0003/"}], "source": {"defect": ["https://github.com/kubernetes/kubernetes/issues/101695"], "discovery": "EXTERNAL"}, "title": "ANSI escape characters in kubectl output are not being filtered", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@kubernetes.io", "DATE_PUBLIC": "2021-05-02T12:06:00.000Z", "ID": "CVE-2021-25743", "STATE": "PUBLIC", "TITLE": "ANSI escape characters in kubectl output are not being filtered"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Kubernetes", "version": {"version_data": [{"version_affected": "<=", "version_value": "1.23.1"}, {"version_affected": "?>", "version_value": "1.23.1"}, {"version_affected": "<=", "version_value": "1.22.5"}, {"version_affected": "?>", "version_value": "1.22.5"}, {"version_affected": "<=", "version_value": "1.21.8"}, {"version_affected": "?>", "version_value": "1.21.8"}, {"version_affected": "<=", "version_value": "1.20.14"}, {"version_affected": "?>", "version_value": "1.20.14"}]}}]}, "vendor_name": "Kubernetes"}]}}, "credit": [{"lang": "eng", "value": "Eviatar Gerzi"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences"}]}]}, "references": {"reference_data": [{"name": "https://github.com/kubernetes/kubernetes/issues/101695", "refsource": "MISC", "url": "https://github.com/kubernetes/kubernetes/issues/101695"}, {"name": "https://security.netapp.com/advisory/ntap-20220217-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220217-0003/"}]}, "source": {"defect": ["https://github.com/kubernetes/kubernetes/issues/101695"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:11:27.596Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/kubernetes/kubernetes/issues/101695"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20220217-0003/"}]}]}, "cveMetadata": {"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "assignerShortName": "kubernetes", "cveId": "CVE-2021-25743", "datePublished": "2022-01-07T00:00:12.399751Z", "dateReserved": "2021-01-21T00:00:00", "dateUpdated": "2024-09-16T23:51:24.348Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F8AC6E5-6AF8-4881-A2F6-65BD2FC6D58A", "versionEndIncluding": "1.25.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.26.0:alpha.0:*:*:*:*:*:*", "matchCriteriaId": "E3046E5A-EECD-4C13-9B22-ED2C60199824", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.26.0:alpha.1:*:*:*:*:*:*", "matchCriteriaId": "6A02248E-29E8-4736-9CBC-299ED47B66B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.26.0:alpha.2:*:*:*:*:*:*", "matchCriteriaId": "0BA55668-CF59-41D1-9A1D-284FA15B83F9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events."}, {"lang": "es", "value": "kubectl no neutraliza las secuencias de escape, meta o de control contenidas en los datos brutos que env\u00eda a un terminal. Esto incluye, pero no se limita, a los campos de cadena no estructurados en objetos como los Eventos"}], "id": "CVE-2021-25743", "lastModified": "2025-08-22T19:16:27.463", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.0, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 1.4, "source": "jordan@liggitt.net", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.0, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-07T00:15:07.817", "references": [{"source": "jordan@liggitt.net", "tags": ["Vendor Advisory"], "url": "https://github.com/kubernetes/kubernetes/issues/101695"}, {"source": "jordan@liggitt.net", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20220217-0003/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/kubernetes/kubernetes/issues/101695"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20220217-0003/"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-150"}], "source": "jordan@liggitt.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kubernetes: kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal", "id": "2042418", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042418"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", "status": "draft"}, "cwe": "(CWE-20|CWE-78)", "details": ["kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.", "kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events."], "name": "CVE-2021-25743", "package_state": [{"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Fix deferred", "package_name": "rhacm2/agent-service-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform", "fix_state": "Affected", "package_name": "kubernetes", "product_name": "Red Hat Ansible Automation Platform 1.2"}, {"cpe": "cpe:/a:redhat:ansible_tower:3", "fix_state": "Affected", "package_name": "kubernetes", "product_name": "Red Hat Ansible Tower 3"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Fix deferred", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift-clients", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2022-01-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-25743\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-25743\nhttps://github.com/kubernetes/kubernetes/issues/101695"], "threat_severity": "Low"}

{}