In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.
CVSS v3.0 Score
7.1
/ 10.0
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Information
- Published
- 13 mars 2018
- Updated
- 21 nov. 2024
- Status
- Modified
- Source
- jordan@liggitt.net
Affected products
kubernetes kubernetesAll Kubernetes CVEs →
Versions : 1.3.10, 1.4.12, 1.5.8, 1.6.13, 1.7.14
Weaknesses (CWE)
NVD-CWE-noinfo
References (4)
- https://access.redhat.com/errata/RHSA-2018:0475Third Party Advisory
- https://github.com/kubernetes/kubernetes/issues/60814Issue TrackingVendor Advisory
- https://access.redhat.com/errata/RHSA-2018:0475Third Party Advisory
- https://github.com/kubernetes/kubernetes/issues/60814Issue TrackingVendor Advisory
Monitor your products
Get automatic alerts for every new CVE affecting your equipment.