CVE-2017-1002102

Aliases: GHSA-mm7g-f2gg-cw8g, GO-2023-1977
Advisory lineage Upstream: 0 Downstream: 3
Modified
Published: 13 Mar 2018, 17:00
Last modified: 05 Aug 2024, 22:00

Vulnerability Summary

  • Overall Risk (default): medium, 28/100
  • CVSS Score: 7.1 HIGH, v3.0 (cve.org)
  • EPSS Score: 0.27% LOW (0% probability -0.22%)
  • KEV: Not listed
  • Ransomware: No reports
  • Public exploits: None found
  • Dark Web: Not detected

Timeline

  • 13 Mar 2018, 17:00: Published. Vulnerability first disclosed
  • 05 Aug 2024, 22:00: Last Modified. Vulnerability information updated

Description

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4, containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.

CVSS Metrics

  • v3.0, HIGH, Score: 7.1, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
  • v3.0, MEDIUM, Score: 5.6, CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N
  • v2.0, MEDIUM, Score: 6.3, AV:L/AC:M/Au:N/C:N/I:C/A:C

EPSS Trends

Current EPSS score: 0.27% Percentile: 50%

Affected Systems

  • k8s.io / kubernetes

    ≥ 1.3.0, < 1.7.14 | ≥ 1.8.0, < 1.8.9 | ≥ 1.9.0, < 1.9.4

  • kubernetes / kubernetes

    ≥ 1.3.0, ≤ 1.3.10 | ≥ 1.4.0, ≤ 1.4.12 | ≥ 1.5.0, ≤ 1.5.8 | ≥ 1.6.0, ≤ 1.6.13 | ≥ 1.7.0, < 1.7.14 | ≥ 1.8.0, < 1.8.9 | ≥ 1.9.0, < 1.9.4 | v1.3.x | v1.4.x | v1.5.x | v1.6.x | ≥ unspecified, < v1.7.14 | ≥ unspecified, < v1.8.9 | ≥ unspecified, < v1.9.4
