In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.
CVSS v3.0 Score
8.8
/ 10.0
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Information
- Published
- 13 mars 2018
- Updated
- 21 nov. 2024
- Status
- Modified
- Source
- jordan@liggitt.net
Affected products
kubernetes kubernetesAll Kubernetes CVEs →
Versions : 1.3.10, 1.4.12, 1.5.8, 1.6.13, 1.7.14
Weaknesses (CWE)
CWE-59
References (8)
- https://access.redhat.com/errata/RHSA-2018:0475Third Party Advisory
- https://github.com/bgeesaman/subpath-exploit/ExploitThird Party Advisory
- https://github.com/kubernetes/kubernetes/issues/60813Issue TrackingMitigationVendor Advisory
- https://access.redhat.com/errata/RHSA-2018:0475Third Party Advisory
- https://github.com/bgeesaman/subpath-exploit/ExploitThird Party Advisory
- https://github.com/kubernetes/kubernetes/issues/60813Issue TrackingMitigationVendor Advisory
Similar CVEs
Other vulnerabilities of type CWE-59
Loading…
Monitor your products
Get automatic alerts for every new CVE affecting your equipment.