Lucene search

K
ubuntucveUbuntu.comUB:CVE-2017-1002102
HistoryMar 13, 2018 - 12:00 a.m.

CVE-2017-1002102

2018-03-1300:00:00
ubuntu.com
ubuntu.com
12

CVSS2

6.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:C/A:C

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

EPSS

0

Percentile

12.6%

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions
1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or
downwardAPI volume can trigger deletion of arbitrary files/directories from
the nodes where they are running.

Notes

Author Note
ratliff Ubuntu’s distribution of kubernetes was updated for this on March 12

CVSS2

6.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:C/A:C

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

EPSS

0

Percentile

12.6%