Lucene search

K
osvGoogleOSV:GHSA-MM7G-F2GG-CW8G
HistoryMay 13, 2022 - 1:38 a.m.

Kubernetes arbitrary file overwrite

2022-05-1301:38:23
Google
osv.dev
12
kubernetes
file overwrite
vulnerability
versions
secret volume
configmap
projected volume

EPSS

0

Percentile

12.6%

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.