CVE-2017-1002101

Summary

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.

Affected Software

VendorProductVersion RangeStatus
KubernetesKubernetesv1.3.xaffected
KubernetesKubernetesv1.4.xaffected
KubernetesKubernetesv1.5.xaffected
KubernetesKubernetesv1.6.xaffected
KubernetesKubernetesunspecified < v1.7.14affected
KubernetesKubernetesunspecified < v1.8.9affected
KubernetesKubernetesunspecified < v1.9.4affected

Weaknesses

  • handled symbolic links insecurely

ADP Enrichment

CVE Program Container

Additional References

References