CVE-2017-1002102

Published Mar 13, 2018

Last updated 5 years ago

CVSS medium 5.6

Overview

Description: In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.
Source: jordan@liggitt.net
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.6
Impact score: 4
Exploitability score: 1.1
Vector string: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 6.3
Impact score: 9.2
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:N/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85841C2A-31F1-4725-BE9D-0E346D133CC9",
            "versionEndIncluding": "1.3.10",
            "versionStartIncluding": "1.3.0"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CE7BB45-879A-48CE-BE8B-463CB97B8ABA",
            "versionEndIncluding": "1.4.12",
            "versionStartIncluding": "1.4.0"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0990DE9E-F42A-42E5-9589-ACFCD79950E5",
            "versionEndIncluding": "1.5.8",
            "versionStartIncluding": "1.5.0"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "520D312F-37C8-4604-B4C3-D9DB8317CF9F",
            "versionEndIncluding": "1.6.13",
            "versionStartIncluding": "1.6.0"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F39F83C4-3CC3-4681-8363-0986209D4E2B",
            "versionEndExcluding": "1.7.14",
            "versionStartIncluding": "1.7.0"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEE0979F-ED58-43D8-9E3B-7261B1782DD2",
            "versionEndExcluding": "1.8.9",
            "versionStartIncluding": "1.8.0"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4818E0C-B0ED-424F-AD73-B87777FD9D9E",
            "versionEndExcluding": "1.9.4",
            "versionStartIncluding": "1.9.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References