CVE-2017-1002100
N/A
N/A
Summary
Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Kubernetes | Kubernetes | v1.6.0 < unspecified | affected |
| Kubernetes | Kubernetes | unspecified <= v1.6.5 | affected |
Weaknesses
- Insecure Permissions
ADP Enrichment
CVE Program Container
Additional References
- https://groups.google.com/d/msg/kubernetes-security-announce/n3VBg_WJZic/-ddIqKXqAAAJ
- https://github.com/kubernetes/kubernetes/issues/47611
References
- https://groups.google.com/d/msg/kubernetes-security-announce/n3VBg_WJZic/-ddIqKXqAAAJ
- https://github.com/kubernetes/kubernetes/issues/47611
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.