Kubernetes arbitrary file overwrite

GHSA-mm7g-f2gg-cw8g · CVE-2017-1002102 · GO-2023-1977

Published May 13, 2022 · Modified Aug 20, 2024

Description

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-1002102
WEB https://github.com/kubernetes/kubernetes/issues/60814
WEB https://access.redhat.com/errata/RHSA-2018:0475
PACKAGE https://github.com/kubernetes/kubernetes

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes