CVE-2017-1002100
CVE-2017-1002100 is a vulnerability of currently unknown severity. Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container", which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal. EPSS estimates a 1.33% chance of exploitation in the next 30 days.
Description
Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container", which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Kubernetes | Kubernetes | 1.6.0 |
| Kubernetes | Kubernetes | 1.6.1 |
| Kubernetes | Kubernetes | 1.6.2 |
| Kubernetes | Kubernetes | 1.6.3 |
| Kubernetes | Kubernetes | 1.6.4 |
| Kubernetes | Kubernetes | 1.6.5 |
References
- https://github.com/kubernetes/kubernetes/issues/47611 (Issue Tracking, Patch, Third Party Advisory)
- https://groups.google.com/d/msg/kubernetes-security-announce/n3VBg_WJZic/-ddIqKXqAAAJ (Patch, Third Party Advisory)
Source: NVD / NIST
