CVE-2017-1002101
kubernetes: Volume security can be sidestepped with innocent emptyDir and subpath
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.
En Kubernetes, en versiones 1.3.x, 1.4.x, 1.5.x, 1.6.x y en versiones anteriores a la 1.7.14, 1.8.9 y 1.9.4, los contenedores que emplean montajes de volumen subpath con cualquier tipo de volumen (incluyendo pods no privilegiados, dependientes de los permisos de archivo) pueden acceder a archivos/directorios fuera del volumen, incluyendo el sistema de archivos del host.
It was found that volume security can be sidestepped with innocent emptyDir and subpath. This could give an attacker with access to a pod full control over the node host by gaining access to docker socket.
OpenShift Container Platform by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for this release.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-07 CVE Reserved
- 2018-03-12 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
References (6)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/bgeesaman/subpath-exploit | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html | 2019-10-09 | |
| https://access.redhat.com/errata/RHSA-2018:0475 | 2019-10-09 | |
| https://github.com/kubernetes/kubernetes/issues/60813 | 2019-10-09 | |
| https://access.redhat.com/security/cve/CVE-2017-1002101 | 2018-03-12 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1525130 | 2018-03-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.3.0 <= 1.3.10 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.3.0 <= 1.3.10" | - |
Affected
| ||||||
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.4.0 <= 1.4.12 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.4.0 <= 1.4.12" | - |
Affected
| ||||||
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.5.0 <= 1.5.8 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.5.0 <= 1.5.8" | - |
Affected
| ||||||
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.6.0 <= 1.6.13 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.6.0 <= 1.6.13" | - |
Affected
| ||||||
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.7.0 < 1.7.14 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.7.0 < 1.7.14" | - |
Affected
| ||||||
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.8.0 < 1.8.9 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.8.0 < 1.8.9" | - |
Affected
| ||||||
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.9.0 < 1.9.4 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.9.0 < 1.9.4" | - |
Affected
| ||||||