CVSS: 9.6EPSS: 0%CPEs: 7EXPL: 1CVE-2017-1002101 – kubernetes: Volume security can be sidestepped with innocent emptyDir and subpath
https://notcve.org/view.php?id=CVE-2017-1002101
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem. En Kubernetes, en versiones 1.3.x, 1.4.x, 1.5.x, 1.6.x y en versiones anteriores a la 1.7.14, 1.8.9 y 1.9.4, los contenedores que emplean montajes de volumen subpath con cualquier tipo de volumen (incluyendo pods no privilegiados, dependientes de los permisos de archivo) pueden acceder a archivos/directorios fuera del volumen, incluyendo el sistema de archivos del host. It was found that volume security can be sidestepped with innocent emptyDir and subpath. This could give an attacker with access to a pod full control over the node host by gaining access to docker socket. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html https://access.redhat.com/errata/RHSA-2018:0475 https://github.com/bgeesaman/subpath-exploit https://github.com/kubernetes/kubernetes/issues/60813 https://access.redhat.com/security/cve/CVE-2017-1002101 https://bugzilla.redhat.com/show_bug.cgi?id=1525130 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.5EPSS: 0%CPEs: 23EXPL: 0CVE-2017-1002100
https://notcve.org/view.php?id=CVE-2017-1002100
Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal. Los permisos de acceso por defecto para volúmenes persistentes (PV) creados por el proveedor de servicios en la nube Kubernetes en Azure, en sus versiones de la 1.6.0 a la 1.6.5, están establecidos a "container", lo que expone una URI que se puede acceder sin autenticación en la red de internet pública. Para acceder al string URI se requieren permisos de acceso al clúster de Kubernetes o acceso autenticado al portal Azure. • https://github.com/kubernetes/kubernetes/issues/47611 https://groups.google.com/d/msg/kubernetes-security-announce/n3VBg_WJZic/-ddIqKXqAAAJ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7561
https://notcve.org/view.php?id=CVE-2015-7561
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image. Kubernetes en OpenShift3 permite que atacantes remotos autenticados empleen las imágenes privadas de otros usuarios si conocen el nombre de dicha imagen. • https://bugzilla.redhat.com/show_bug.cgi?id=1291963 https://github.com/kubernetes/kubernetes/pull/18909 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-1000056
https://notcve.org/view.php?id=CVE-2017-1000056
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object. En Kubernetes versión 1.5.0 hasta 1.5.4, es vulnerable a una escalada de privilegios en el plugin admission de PodSecurityPolicy, resultando en la capacidad de hacer uso de cualquier objeto PodSecurityPolicy existente. • https://github.com/kubernetes/kubernetes/issues/43459 • CWE-862: Missing Authorization •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 1CVE-2016-7075 – 3: API server does not validate client-provided intermediate certificates correctly
https://notcve.org/view.php?id=CVE-2016-7075
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate. Se ha descubierto que Kubernetes, tal y como se emplea en Openshift Enterprise 3, no valida los campos de nombre del host del certificado intermediario de cliente X.509. Un atacante podría emplear este error para omitir los requisitos de autenticación mediante el uso de un certificado X.509 especialmente manipulado It was found that Kubernetes did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate. • https://access.redhat.com/errata/RHSA-2016:2064 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075 https://github.com/kubernetes/kubernetes/issues/34517 https://access.redhat.com/security/cve/CVE-2016-7075 https://bugzilla.redhat.com/show_bug.cgi?id=1384112 • CWE-295: Improper Certificate Validation •