ID CVE-2017-1002102
Summary In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4, containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.
References
Vulnerable Configurations
CVSS
Base: 6.3
Impact:
Exploitability:
nessus via4
NASL family Oracle Linux Local Security Checks
NASL id ORACLELINUX_ELSA-2018-4061.NASL
description Description of changes:
[1.9.1-2.1.5]
- Production built 1.9.1-2.1.5
- Fix the upgrade version check
- Remove w/a from [Orabug 27125915]
[1.9.1-2.1.4.dev]
- Make sure worker node upgrade properly - [Orabug 27649898]
[1.9.1-2.1.3.dev]
- Ensure that the runtime mounts RO volumes read-only [CVE-2017-1002102]
- Update Dashboard version to v1.8.3 [CVE-2017-1002102]
- Fix nested volume mounts for read-only API data volumes [CVE-2017-1002102]
- Fixed kubeadm-setup.sh and kubeadm-registry.sh
- Add feature gate for subpath [CVE-2017-1002101]
- Add subpath e2e tests [CVE-2017-1002101]
- Lock subPath volumes [CVE-2017-1002101]
last seen 2018-04-13
modified 2018-04-12
plugin id 108939
published 2018-04-10
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=108939
title Oracle Linux 7 : kubernetes (ELSA-2018-4061)
redhat via4
advisories
rhsa
id RHSA-2018:0475
refmap via4
confirm https://github.com/kubernetes/kubernetes/issues/60814
Last major update 13-03-2018 - 13:29
Published 13-03-2018 - 13:29
Last modified 11-04-2018 - 14:31