PT-2018-5277 · Kubernetes · Kubernetes

Joel Smith

Publicado

2018-03-13

Atualizado

2025-08-08

CVE-2017-1002102

CVSS v3.1

7.1

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions Kubernetes versions 1.3.x through 1.6.x Kubernetes versions 1.7.x through 1.7.13 Kubernetes versions 1.8.x through 1.8.8 Kubernetes versions 1.9.x through 1.9.3

Description The issue allows containers using a secret, configMap, projected or downwardAPI volume to trigger deletion of arbitrary files/directories from the nodes where they are running.

Recommendations For Kubernetes versions 1.3.x through 1.6.x, update to version 1.7.14 or later. For Kubernetes versions 1.7.x through 1.7.13, update to version 1.7.14 or later. For Kubernetes versions 1.8.x through 1.8.8, update to version 1.8.9 or later. For Kubernetes versions 1.9.x through 1.9.3, update to version 1.9.4 or later.

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

CVE-2017-1002102

GHSA-MM7G-F2GG-CW8G

GO-2023-1977

OPENSUSE-SU-2025:15424-1

RHSA-2018:0475

Produtos afetados

Kubernetes

PT-2018-5277 · Kubernetes · Kubernetes

CVE-2017-1002102

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 56