Kubernetes subpath volume mount escape — allows container workloads to read/write host files outside their volume boundaries. Update Kubernetes. Enforce PodSecurityAdmission policies restricting allowPrivilegeEscalation and hostPath volumes.
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files and directories outside of the volume.
Supernova subscribers receive AI-triaged CVE alerts the moment they're published — before the PoC drops.
Start Supernova — $99/mo →