CVE-2017-1002101

HIGH

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.

Score CVSS v3.0

8.8

/ 10.0

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Informations

Publié: 13 mars 2018
Mis à jour: 21 nov. 2024
Statut: Modified
Source: jordan@liggitt.net

Produits affectés

kubernetes kubernetesToutes les CVE Kubernetes →

Versions : 1.3.10, 1.4.12, 1.5.8, 1.6.13, 1.7.14

Faiblesses (CWE)

CWE-59

Références (8)

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
https://access.redhat.com/errata/RHSA-2018:0475
Third Party Advisory
https://github.com/bgeesaman/subpath-exploit/
ExploitThird Party Advisory
https://github.com/kubernetes/kubernetes/issues/60813
Issue TrackingMitigationVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
https://access.redhat.com/errata/RHSA-2018:0475
Third Party Advisory
https://github.com/bgeesaman/subpath-exploit/
ExploitThird Party Advisory
https://github.com/kubernetes/kubernetes/issues/60813
Issue TrackingMitigationVendor Advisory

CVEs similaires

Autres vulnérabilités de type CWE-59

Loading…

Surveillez vos produits

Recevez une alerte automatique à chaque nouvelle CVE affectant vos équipements.

Activer la surveillance