CVE-2017-1002101

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-1002101
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1002101.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-1002101
Downstream
Related
Published
2018-03-13T17:29:00.233Z
Modified
2026-03-10T14:17:12.262454Z
Severity
  • 9.6 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.

References

Affected packages

Git / github.com/kubernetes/kubernetes

Affected ranges

Type
GIT
Repo
https://github.com/kubernetes/kubernetes
Events
Introduced
283137936a498aed572ee22af6774b6fb6e9fd94
Last affected
c3e367ec9eae7338ac4e2a57f293634891319b7c
Introduced
a16c0a7f71a6f93c7e0f222d961f4675cd97a46b
Last affected
19e81afecf5eb2b7838c35e2cbf776aff04dc34c
Introduced
58b7c16a52c03e4a849874602be42ee71afdcab1
Last affected
e8c167a115ec662726904265d17f75a6d79d78d8
Introduced
fff5156092b56e6bd60fff75aad4dc9de6b6ef37
Last affected
14ea65f53cdae4a5657cf38cfc8d7349b75b5512
Introduced
d3ada0119e776222f11ec7945e6d860061339aad
Fixed
d1303b003001cf2b5b8cec099383125096b3dac0
Introduced
0b9efaeb34a2fc51ff8e4d34ad9bc6375459c4a4
Fixed
3fb1aafdafa3d33bc698930095db1e56c0f76452
Introduced
925c127ec6b946659ad0fd596fa959be43f0cc05
Fixed
bee2d1505c4fe820744d26d41ecd3fdd4a3d6546
Database specific 
{
    "versions": [
        {
            "introduced": "1.3.0"
        },
        {
            "last_affected": "1.3.10"
        },
        {
            "introduced": "1.4.0"
        },
        {
            "last_affected": "1.4.12"
        },
        {
            "introduced": "1.5.0"
        },
        {
            "last_affected": "1.5.8"
        },
        {
            "introduced": "1.6.0"
        },
        {
            "last_affected": "1.6.13"
        },
        {
            "introduced": "1.7.0"
        },
        {
            "fixed": "1.7.14"
        },
        {
            "introduced": "1.8.0"
        },
        {
            "fixed": "1.8.9"
        },
        {
            "introduced": "1.9.0"
        },
        {
            "fixed": "1.9.4"
        }
    ]
}

Affected versions

v1.*
v1.3.0
v1.3.1-beta.0
v1.3.10
v1.3.10-beta.0
v1.3.2
v1.3.2-beta.0
v1.3.3
v1.3.3-beta.0
v1.3.4
v1.3.4-beta.0
v1.3.5
v1.3.5-beta.0
v1.3.6
v1.3.6-beta.0
v1.3.7
v1.3.7-beta.0
v1.3.8
v1.3.8-beta.0
v1.3.9
v1.3.9-beta.0
v1.4.0
v1.4.1
v1.4.1-beta.0
v1.4.1-beta.1
v1.4.1-beta.2
v1.4.11-beta.0
v1.4.12
v1.4.2
v1.4.2-beta.0
v1.4.2-beta.1
v1.4.3
v1.4.3-beta.0
v1.4.4
v1.4.4-beta.0
v1.4.5
v1.4.5-beta.0
v1.4.6
v1.4.6-beta.0
v1.4.7
v1.4.7-beta.0
v1.4.8
v1.4.8-beta.0
v1.4.9
v1.4.9-beta.0
v1.5.0
v1.5.1
v1.5.1-beta.0
v1.5.2
v1.5.2-beta.0
v1.5.3
v1.5.3-beta.0
v1.5.4
v1.5.4-beta.0
v1.5.5-beta.0
v1.5.6
v1.5.6-beta.0
v1.5.7
v1.5.7-beta.0
v1.5.8
v1.5.8-beta.0
v1.6.0
v1.6.1
v1.6.1-beta.0
v1.6.10
v1.6.10-beta.0
v1.6.11
v1.6.11-beta.0
v1.6.12
v1.6.12-beta.0
v1.6.13
v1.6.13-beta.0
v1.6.2
v1.6.2-beta.0
v1.6.3
v1.6.3-beta.0
v1.6.4-beta.0
v1.6.5
v1.6.5-beta.0
v1.6.6
v1.6.6-beta.0
v1.6.7
v1.6.7-beta.0
v1.6.8
v1.6.8-beta.0
v1.6.9
v1.6.9-beta.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1002101.json"