CVE-2017-1002102
kubernetes: Malicious containers can delete any file from the node
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.
En Kubernetes, en versiones 1.3.x, 1.4.x, 1.5.x, 1.6.x y en versiones anteriores a la 1.7.14, 1.8.9 y 1.9.4, los contenedores que emplean un volumen secreto, configMap, proyectado o downwardAPI pueden desencadenar la eliminación de archivos/directorios arbitrarios de los nodos en los que se están ejecutando.
This vulnerability allows containers using a secret, configMap, projected, or downwardAPI volume to trigger deletion of arbitrary files and directories on the nodes where they are running. An attacker could use this flaw to delete arbitrary file or directories on node host.
OpenShift Container Platform by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for this release.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-07 CVE Reserved
- 2018-03-12 CVE Published
- 2024-08-05 CVE Updated
- 2025-04-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
References (4)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:0475 | 2019-10-09 | |
| https://github.com/kubernetes/kubernetes/issues/60814 | 2019-10-09 | |
| https://access.redhat.com/security/cve/CVE-2017-1002102 | 2018-03-12 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1551818 | 2018-03-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.3.0 <= 1.3.10 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.3.0 <= 1.3.10" | - |
Affected
| ||||||
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.4.0 <= 1.4.12 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.4.0 <= 1.4.12" | - |
Affected
| ||||||
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.5.0 <= 1.5.8 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.5.0 <= 1.5.8" | - |
Affected
| ||||||
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.6.0 <= 1.6.13 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.6.0 <= 1.6.13" | - |
Affected
| ||||||
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.7.0 < 1.7.14 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.7.0 < 1.7.14" | - |
Affected
| ||||||
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.8.0 < 1.8.9 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.8.0 < 1.8.9" | - |
Affected
| ||||||
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.9.0 < 1.9.4 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.9.0 < 1.9.4" | - |
Affected
| ||||||