exploitDog

CVE-2017-1002101

Опубликовано: 13 мар. 2018

Источник: nvd

CVSS3: 8.8

CVSS3: 9.6

CVSS2: 5.5

EPSS Средний

Описание

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
https://access.redhat.com/errata/RHSA-2018:0475
Third Party Advisory
https://github.com/bgeesaman/subpath-exploit/
Exploit
Third Party Advisory
https://github.com/kubernetes/kubernetes/issues/60813
Issue Tracking
Mitigation
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
https://access.redhat.com/errata/RHSA-2018:0475
Third Party Advisory
https://github.com/bgeesaman/subpath-exploit/
Exploit
Third Party Advisory
https://github.com/kubernetes/kubernetes/issues/60813
Issue Tracking
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*

Версия от 1.3.0 (включая) до 1.3.10 (включая)

cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*

Версия от 1.4.0 (включая) до 1.4.12 (включая)

cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*

Версия от 1.5.0 (включая) до 1.5.8 (включая)

cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*

Версия от 1.6.0 (включая) до 1.6.13 (включая)

cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*

Версия от 1.7.0 (включая) до 1.7.14 (исключая)

cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*

Версия от 1.8.0 (включая) до 1.8.9 (исключая)

cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*

Версия от 1.9.0 (включая) до 1.9.4 (исключая)

EPSS

Процентиль: 97%

0.33014

Средний

8.8 High

CVSS3

9.6 Critical

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-59

Связанные уязвимости

CVE-2017-1002101

CVSS3: 7.2

redhat

больше 7 лет назад

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.

CVE-2017-1002101

CVSS3: 8.8

debian

больше 7 лет назад

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to version ...

GHSA-rqgw-vh6p-qf7j

CVSS3: 9.6

github

около 3 лет назад

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.

ELSA-2018-4061

oracle-oval

около 7 лет назад

ELSA-2018-4061: kubernetes security update (IMPORTANT)

openSUSE-SU-2020:0554-1

suse-cvrf

около 5 лет назад

Security update for kubernetes

EPSS

Процентиль: 97%

0.33014

Средний

8.8 High

CVSS3

9.6 Critical

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-59