CVE-2017-1002102 Information

Description

In Kubernetes versions 1.3.x 1.4.x 1.5.x 1.6.x and prior to versions 1.7.14 1.8.9 and 1.9.4 containers using a secret configMap projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.

CVSS Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N

Reference

https://access.redhat.com/errata/RHSA-2018:0475 https://github.com/kubernetes/kubernetes/issues/60814

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

5.6