CVE-2017-1002102 — Vulnetix

Try Vulnetix Request Demo

CVE-2017-1002102 PUBLISHED CVSS 7.1 HIGH

Reported by kubernetes · Published March 13, 2018

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.

Risk Scores

CVSS v3.0

7.1

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Affected Products

Vendor	Product	Versions
Kubernetes	Kubernetes	v1.3.x, v1.4.x, v1.5.x
k8s.io	kubernetes	1.3, 1.7.0, 1.8.0
github.com	kubernetes/kubernetes	v1.3.0, v1.4.0, v1.5.0
Kubernetes	Kubernetes	v1.3.x, v1.4.x, v1.5.x

Timeline

Mar 13, 2018 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Feb 25, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Nov 1, 2022 EPSS Score
Jan 2, 2023 EPSS Score

References

RHSA-2018:0475 vendor-advisoryx_refsource_REDHAT
x_refsource_CONFIRM
https://nvd.nist.gov/vuln/detail/CVE-2017-1002102 advisory
https://github.com/advisories/GHSA-mm7g-f2gg-cw8g advisory

Open in Interactive Console →