A path traversal vulnerability has been identified in the Kubernetes Container Storage Interface (CSI) Driver for NFS, potentially allowing attackers to delete or modify unintended directories on NFS servers.
The flaw stems from insufficient validation of the subDir parameter in volume identifiers, exposing clusters that permit users to create PersistentVolumes referencing the NFS CSI driver.
The vulnerability resides in how the CSI Driver for NFS handles the subDir parameter during volume operations. Attackers with permission to create PersistentVolumes referencing the nfs.csi.k8s.io driver can craft volume identifiers containing path traversal sequences (../).
When the driver processes volume deletion or cleanup operations, it may operate on directories far outside the intended managed path within the NFS export.
For example, malicious volumeHandle entries referencing paths such as /tmp/mount-uuid/legitimate/../../../exports/subdir could cause the CSI controller to traverse out of the designated directory scope entirely, triggering unintended modifications or deletions on the NFS server.
Kubernetes CSI Driver for NFS Vulnerability
Organizations are potentially at risk if they meet all of the following conditions:
- They run the CSI Driver for NFS (
nfs.csi.k8s.io) in their Kubernetes cluster - Their cluster allows non-administrator users to create PersistentVolumes referencing the NFS CSI driver
- Their deployed CSI driver version does not validate traversal sequences in the
subDirfield
All versions of the CSI Driver for NFS prior to v4.13.1 are affected by this vulnerability, as the traversal validation fix was introduced in that release.
Administrators can check whether their cluster is exposed by inspecting PersistentVolumes using the NFS CSI driver and reviewing the volumeHandle field for traversal sequences such as ../.
Additionally, CSI controller logs should be reviewed for unexpected directory operations. Log entries resembling "Removing subPath: /tmp/mount-uuid/legitimate/../../../exports/subdir" are a strong indicator of exploitation. Clusters showing evidence of active exploitation should be reported immediately to security@kubernetes.io.
The primary remediation is upgrading the CSI Driver for NFS to version v4.13.1 or later, which includes proper validation of traversal sequences in the subDir field.
As interim measures, administrators should restrict PersistentVolume creation privileges exclusively to trusted users and audit NFS exports to confirm that only intended directories are writable by the driver.
As a broader security best practice, untrusted users should never be granted permission to create arbitrary PersistentVolumes referencing external storage drivers.
The vulnerability was responsibly disclosed by Shaul Ben Hai, Senior Staff Security Researcher at SentinelOne. The fix was developed and deployed by the CSI Driver for NFS maintainers Andy Zhang and Rita Zhang, in coordination with the Kubernetes Security Response Committee.
