1. Home
  2. Vulnerabilities
  3. CVE-2017-1002102

CVE-2017-1002102

CVSS v3.0 5.6 (Medium)
56% Progress
CVSS v2.0 6.3 (Medium)
63% Progress
EPSS 0.04 % (13th)
0.04% Progress
Affected Products 1
Advisories 2
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.

Weaknesses
CWE-NVD-noinfo
CVE Status
PUBLISHED
CNA
Kubernetes
Published Date
2018-03-13 17:29:00
(6 years ago)
Updated Date
2019-10-09 23:21:25
(5 years ago)

Affected Products

Kubernetes

Configuration #1

    CPE23 From Up To
  Kubernetes from 1.3.0 version and 1.3.10 and prior versions cpe:2.3:a:kubernetes:kubernetes >= 1.3.0 <= 1.3.10
  Kubernetes from 1.4.0 version and 1.4.12 and prior versions cpe:2.3:a:kubernetes:kubernetes >= 1.4.0 <= 1.4.12
  Kubernetes from 1.5.0 version and 1.5.8 and prior versions cpe:2.3:a:kubernetes:kubernetes >= 1.5.0 <= 1.5.8
  Kubernetes from 1.6.0 version and 1.6.13 and prior versions cpe:2.3:a:kubernetes:kubernetes >= 1.6.0 <= 1.6.13
  Kubernetes from 1.7.0 version and prior 1.7.14 version cpe:2.3:a:kubernetes:kubernetes >= 1.7.0 < 1.7.14
  Kubernetes from 1.8.0 version and prior 1.8.9 version cpe:2.3:a:kubernetes:kubernetes >= 1.8.0 < 1.8.9
  Kubernetes from 1.9.0 version and prior 1.9.4 version cpe:2.3:a:kubernetes:kubernetes >= 1.9.0 < 1.9.4