{"containers": {"cna": {"affected": [{"product": "Kubernetes", "vendor": "Kubernetes", "versions": [{"status": "affected", "version": "v1.3.x"}, {"status": "affected", "version": "v1.4.x"}, {"status": "affected", "version": "v1.5.x"}, {"status": "affected", "version": "v1.6.x"}, {"lessThan": "v1.7.14", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "v1.8.9", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "v1.9.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Reported by Maxim Ivanov"}], "dateAssigned": "2017-12-06T00:00:00", "datePublic": "2018-03-05T00:00:00", "descriptions": [{"lang": "en", "value": "In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "handled symbolic links insecurely", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-26T20:06:14", "orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes"}, "references": [{"name": "RHSA-2018:0475", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0475"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kubernetes/kubernetes/issues/60813"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/bgeesaman/subpath-exploit/"}, {"name": "openSUSE-SU-2020:0554", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@kubernetes.io", "DATE_ASSIGNED": "2017-12-06", "ID": "CVE-2017-1002101", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Kubernetes", "version": {"version_data": [{"version_affected": "=", "version_value": "v1.3.x"}, {"version_affected": "=", "version_value": "v1.4.x"}, {"version_affected": "=", "version_value": "v1.5.x"}, {"version_affected": "=", "version_value": "v1.6.x"}, {"version_affected": "<", "version_value": "v1.7.14"}, {"version_affected": "<", "version_value": "v1.8.9"}, {"version_affected": "<", "version_value": "v1.9.4"}]}}]}, "vendor_name": "Kubernetes"}]}}, "credit": ["Reported by Maxim Ivanov"], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "handled symbolic links insecurely"}]}]}, "references": {"reference_data": [{"name": "RHSA-2018:0475", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0475"}, {"name": "https://github.com/kubernetes/kubernetes/issues/60813", "refsource": "CONFIRM", "url": "https://github.com/kubernetes/kubernetes/issues/60813"}, {"name": "https://github.com/bgeesaman/subpath-exploit/", "refsource": "MISC", "url": "https://github.com/bgeesaman/subpath-exploit/"}, {"name": "openSUSE-SU-2020:0554", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:00:41.667Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2018:0475", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0475"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/kubernetes/kubernetes/issues/60813"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/bgeesaman/subpath-exploit/"}, {"name": "openSUSE-SU-2020:0554", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"}]}]}, "cveMetadata": {"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "assignerShortName": "kubernetes", "cveId": "CVE-2017-1002101", "datePublished": "2018-03-13T17:00:00", "dateReserved": "2017-12-07T00:00:00", "dateUpdated": "2024-08-05T22:00:41.667Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "85841C2A-31F1-4725-BE9D-0E346D133CC9", "versionEndIncluding": "1.3.10", "versionStartIncluding": "1.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CE7BB45-879A-48CE-BE8B-463CB97B8ABA", "versionEndIncluding": "1.4.12", "versionStartIncluding": "1.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "0990DE9E-F42A-42E5-9589-ACFCD79950E5", "versionEndIncluding": "1.5.8", "versionStartIncluding": "1.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "520D312F-37C8-4604-B4C3-D9DB8317CF9F", "versionEndIncluding": "1.6.13", "versionStartIncluding": "1.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "F39F83C4-3CC3-4681-8363-0986209D4E2B", "versionEndExcluding": "1.7.14", "versionStartIncluding": "1.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEE0979F-ED58-43D8-9E3B-7261B1782DD2", "versionEndExcluding": "1.8.9", "versionStartIncluding": "1.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4818E0C-B0ED-424F-AD73-B87777FD9D9E", "versionEndExcluding": "1.9.4", "versionStartIncluding": "1.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem."}, {"lang": "es", "value": "En Kubernetes, en versiones 1.3.x, 1.4.x, 1.5.x, 1.6.x y en versiones anteriores a la 1.7.14, 1.8.9 y 1.9.4, los contenedores que emplean montajes de volumen subpath con cualquier tipo de volumen (incluyendo pods no privilegiados, dependientes de los permisos de archivo) pueden acceder a archivos/directorios fuera del volumen, incluyendo el sistema de archivos del host."}], "id": "CVE-2017-1002101", "lastModified": "2019-10-09T23:21:25.697", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.1, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "jordan@liggitt.net", "type": "Secondary"}]}, "published": "2018-03-13T17:29:00.233", "references": [{"source": "jordan@liggitt.net", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"}, {"source": "jordan@liggitt.net", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0475"}, {"source": "jordan@liggitt.net", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/bgeesaman/subpath-exploit/"}, {"source": "jordan@liggitt.net", "tags": ["Issue Tracking", "Mitigation", "Vendor Advisory"], "url": "https://github.com/kubernetes/kubernetes/issues/60813"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2018:0475", "cpe": "cpe:/a:redhat:openshift:3.3::el7", "impact": "important", "package": "atomic-openshift-0:3.3.1.46.11-1.git.4.e236015.el7", "product_name": "Red Hat OpenShift Container Platform 3.3", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0475", "cpe": "cpe:/a:redhat:openshift:3.4::el7", "impact": "important", "package": "atomic-openshift-0:3.4.1.44.38-1.git.4.bb8df08.el7", "product_name": "Red Hat OpenShift Container Platform 3.4", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0475", "cpe": "cpe:/a:redhat:openshift:3.5::el7", "impact": "important", "package": "atomic-openshift-0:3.5.5.31.48-1.git.4.ff6153e.el7", "product_name": "Red Hat OpenShift Container Platform 3.5", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0475", "cpe": "cpe:/a:redhat:openshift:3.6::el7", "impact": "important", "package": "atomic-openshift-0:3.6.173.0.96-1.git.4.e6301f8.el7", "product_name": "Red Hat OpenShift Container Platform 3.6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0475", "cpe": "cpe:/a:redhat:openshift:3.7::el7", "impact": "important", "package": "atomic-openshift-0:3.7.23-1.git.5.83efd71.el7", "product_name": "Red Hat OpenShift Container Platform 3.7", "release_date": "2018-03-12T00:00:00Z"}], "bugzilla": {"description": "kubernetes: Volume security can be sidestepped with innocent emptyDir and subpath", "id": "1525130", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525130"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.2", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "details": ["In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.", "It was found that volume security can be sidestepped with innocent emptyDir and subpath. This could give an attacker with access to a pod full control over the node host by gaining access to docker socket."], "name": "CVE-2017-1002101", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "impact": "important", "package_name": "kubernetes", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "heketi", "product_name": "Red Hat Storage 3"}], "public_date": "2018-03-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-1002101\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1002101\nhttps://github.com/kubernetes/kubernetes/issues/60813"], "statement": "This flaw allows a pod to mount any part of the host filesystem. The pod will run with the security contraints placed on the user but could read anything with o=rx mode and appropriate SELinux label.", "threat_severity": "Important"}