The version of Kubernetes installed on the remote host is version 1.3.x prior to 1.7.14, 1.8.x prior to 1.8.9 or 1.9.x prior to 1.9.4. It is, therefore, affected by multiple vulnerabilities.
An arbitrary file access vulnerability exists in containers using subpath volume mounts. An authenticated, local attacker can exploit this to access arbitrary files or directories including the hostโs filesystem.
(CVE-2017-1002101)
An arbitrary file deletion vulnerability exists in containers using a secret, configMap, projected or downwardAPI volume. An unauthenticated, local attacker can exploit this to delete arbitrary files or directories from the nodes where they are running. (CVE-2017-1002102)
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(124590);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/04/08");
script_cve_id("CVE-2017-1002101", "CVE-2017-1002102");
script_name(english:"Kubernetes 1.3.x < 1.7.14 / 1.8.x < 1.8.9 / 1.9.x < 1.9.4 multiple vulnerabilities");
script_summary(english:"Checks the version of Kubernetes.");
script_set_attribute(attribute:"synopsis", value:
"The remote host contains an application affected by multiple vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of Kubernetes installed on the remote host is version 1.3.x prior to 1.7.14, 1.8.x prior to 1.8.9 or 1.9.x
prior to 1.9.4. It is, therefore, affected by multiple vulnerabilities.
- An arbitrary file access vulnerability exists in containers using subpath volume mounts. An authenticated, local
attacker can exploit this to access arbitrary files or directories including the host's filesystem.
(CVE-2017-1002101)
- An arbitrary file deletion vulnerability exists in containers using a secret, configMap, projected or downwardAPI
volume. An unauthenticated, local attacker can exploit this to delete arbitrary files or directories from the nodes
where they are running. (CVE-2017-1002102)
");
# https://groups.google.com/forum/#!topic/kubernetes-security-announce/P7lBjbjDKd8
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7000232d");
script_set_attribute(attribute:"solution", value:
"Upgrade to Kubernetes 1.7.14, 1.8.9, 1.9.4 or later, please refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-1002102");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/13");
script_set_attribute(attribute:"patch_publication_date", value:"2018/12/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/03");
script_set_attribute(attribute:"agent", value:"unix");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:kubernetes:kubernetes");
script_set_attribute(attribute:"cpe", value:"cpe:/a:google:kubernetes");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("kube_detect.nbin");
script_require_keys("installed_sw/Kubernetes");
script_require_ports("Services/ssh", 22);
exit(0);
}
include('vcf.inc');
app_name = 'Kubernetes';
app_info = vcf::get_app_info(app:app_name);
vcf::check_all_backporting(app_info:app_info);
vcf::check_granularity(app_info:app_info, sig_segments:3);
constraints = [
{ 'min_version' : '1.3.0', 'fixed_version' : '1.7.0', 'fixed_display' : '1.7.14 or 1.8.9 or 1.9.4' },
{ 'min_version' : '1.7.0', 'fixed_version' : '1.7.14' },
{ 'min_version' : '1.8.0', 'fixed_version' : '1.8.9' },
{ 'min_version' : '1.9.0', 'fixed_version' : '1.9.4' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
Vendor | Product | Version | CPE |
---|---|---|---|
kubernetes | kubernetes | cpe:/a:kubernetes:kubernetes | |
kubernetes | cpe:/a:google:kubernetes |