1. Home
  2. Vulnerabilities
  3. CVE-2017-1002101

CVE-2017-1002101

CVSS v3.0 9.6 (Critical)
96% Progress
CVSS v2.0 5.5 (Medium)
55% Progress
EPSS 0.20 % (57th)
0.20% Progress
Affected Products 1
Advisories 5
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.

Weaknesses
CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE Status
PUBLISHED
CNA
Kubernetes
Published Date
2018-03-13 17:29:00
(6 years ago)
Updated Date
2019-10-09 23:21:25
(5 years ago)

Affected Products

Kubernetes

Configuration #1

    CPE23 From Up To
  Kubernetes from 1.3.0 version and 1.3.10 and prior versions cpe:2.3:a:kubernetes:kubernetes >= 1.3.0 <= 1.3.10
  Kubernetes from 1.4.0 version and 1.4.12 and prior versions cpe:2.3:a:kubernetes:kubernetes >= 1.4.0 <= 1.4.12
  Kubernetes from 1.5.0 version and 1.5.8 and prior versions cpe:2.3:a:kubernetes:kubernetes >= 1.5.0 <= 1.5.8
  Kubernetes from 1.6.0 version and 1.6.13 and prior versions cpe:2.3:a:kubernetes:kubernetes >= 1.6.0 <= 1.6.13
  Kubernetes from 1.7.0 version and prior 1.7.14 version cpe:2.3:a:kubernetes:kubernetes >= 1.7.0 < 1.7.14
  Kubernetes from 1.8.0 version and prior 1.8.9 version cpe:2.3:a:kubernetes:kubernetes >= 1.8.0 < 1.8.9
  Kubernetes from 1.9.0 version and prior 1.9.4 version cpe:2.3:a:kubernetes:kubernetes >= 1.9.0 < 1.9.4