PT-2018-5277 · Kubernetes · Kubernetes

Joel Smith · Published 2018-03-13 · Updated 2025-08-08 · CVE-2017-1002102

CVSS v3.1: 7.1 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions

Kubernetes versions 1.3.x through 1.6.x
Kubernetes versions 1.7.x through 1.7.13
Kubernetes versions 1.8.x through 1.8.8
Kubernetes versions 1.9.x through 1.9.3

Description

The issue allows containers using a secret, configMap, projected or downwardAPI volume to trigger deletion of arbitrary files/directories from the nodes where they are running.

Recommendations

For Kubernetes versions 1.3.x through 1.6.x, update to version 1.7.14 or later.
For Kubernetes versions 1.7.x through 1.7.13, update to version 1.7.14 or later.
For Kubernetes versions 1.8.x through 1.8.8, update to version 1.8.9 or later.
For Kubernetes versions 1.9.x through 1.9.3, update to version 1.9.4 or later.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2017-1002102
GHSA-MM7G-F2GG-CW8G
GO-2023-1977
OPENSUSE-SU-2025:15424-1
RHSA-2018:0475

Affected Products

Kubernetes