Published: 13/03/2018 Updated: 09/10/2019

CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8

CVSS v3 Base Score: 9.6 | Impact Score: 5.8 | Exploitability Score: 3.1

VMScore: 490

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.

Vulnerable Product	Search on Vulmon	Subscribe to Product
kubernetes kubernetes

Synopsis Important: Red Hat OpenShift Container Platform security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift Container Platform 37, 36, 35, 34, and 33Red Hat Product Security has rated this update as having a security impact of Important A ...

Debian Bug report logs - #892801 kubernetes: CVE-2017-1002101: Volume security can be sidestepped with innocent emptyDir and subpath Package: src:kubernetes; Maintainer for src:kubernetes is Dmitry Smirnov <onlyjob@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 13 Mar 2018 07:15:02 UTC ...

Debian Bug report logs - #894051 kubernetes: CVE-2017-1002102 Package: src:kubernetes; Maintainer for src:kubernetes is Dmitry Smirnov <onlyjob@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 25 Mar 2018 20:21:02 UTC Severity: grave Tags: fixed-upstream, patch, security, upstream Found ...

It was found that volume security can be sidestepped with innocent emptyDir and subpath This could give an attacker with access to a pod full control over the node host by gaining access to docker socket ...

Resources for CloudNative security research

Cloud Native Security Resources for Cloud Native Security Research, such as Docker, Kubernetes, etc Pull request welcome Intro 2021:"The Zero Trust Security Practice" by Kevin Chen - article, CN 2020:"Cloud Native Security: Container Security Practice" by Pray3r - article, CN Series of articles: Exploring Container Security by Google - articles Kernel and

Writeup of CVE-2017-1002101 with sample "exploit"/escape

Sample Kubernetes Escape via CVE-2017-1002101 Description After hearing about the issue and following this guide, I wanted to explore things a bit more This repo contains a couple pod deployments and helper shell scripts that demonstrate the attack mechanism in the simplest way possible so that Kubernetes administrators and operators can fully understand the severity and pote

Resources for CloudNative security research

Cloud Native Security Resources for Cloud Native Security Research, such as Docker, Kubernetes, etc Pull request welcome Intro 2021:"The Zero Trust Security Practice" by Kevin Chen - article, CN 2020:"Cloud Native Security: Container Security Practice" by Pray3r - article, CN Series of articles: Exploring Container Security by Google - articles Kernel and

Kubernetes subPath Mount exploit via CVE-2017-1002101

CWE-59 https://github.com/kubernetes/kubernetes/issues/60813 https://access.redhat.com/errata/RHSA-2018:0475 https://github.com/bgeesaman/subpath-exploit/http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html https://access.redhat.com/errata/RHSA-2018:0475 https://nvd.nist.gov https://github.com/Pray3r/container-security https://access.redhat.com/security/cve/cve-2017-1002101

CVE-2017-1002101

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect