Id:
CVE-2017-1002102
Comment
:
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.
CVSSv2 Score:
6.3
Access vector:
|
LOCAL
|
Access complexity:
|
MEDIUM
|
Authentication:
|
NONE
|
Confidentiality impact:
|
NONE
|
Integrity impact:
|
COMPLETE
|
Availability impact:
|
COMPLETE
|
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:N/I:C/A:C
References: