CVE-2017-1002101

Description

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.

CVSS Metrics

• v3.0•HIGH•Score: 8.8CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
• v3.0•CRITICAL•Score: 9.6CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
• v2.0•MEDIUM•Score: 5.5AV:N/AC:L/Au:S/C:P/I:P/A:N

EPSS Trends

Current EPSS score: 33.51%• Percentile: 97%

Techniques & Countermeasures

• CWE-59•Improper Link Resolution Before File Access ('Link Following')

  The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Affected Systems

• kubernetes•kubernetes

  ≥ 1.3.0, ≤ 1.3.10 | ≥ 1.4.0, ≤ 1.4.12 | ≥ 1.5.0, ≤ 1.5.8 | ≥ 1.6.0, ≤ 1.6.13 | ≥ 1.7.0, < 1.7.14 | ≥ 1.8.0, < 1.8.9 | ≥ 1.9.0, < 1.9.4 | v1.3.x | v1.4.x | v1.5.x | v1.6.x | ≥ unspecified, < v1.7.14 | ≥ unspecified, < v1.8.9 | ≥ unspecified, < v1.9.4

References (4)

• https://access.redhat.com/errata/RHSA-2018:0475
• https://github.com/kubernetes/kubernetes/issues/60813
• https://github.com/bgeesaman/subpath-exploit/
• http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html