vulnerability

Kubernetes: CVE-2017-1002100: Azure persistent disk vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	Sep 14, 2017	Jun 14, 2018	Aug 11, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Sep 14, 2017

Added

Jun 14, 2018

Modified

Aug 11, 2025

Description

Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal.

Solution

kubernetes-upgrade-1_6_6

References

CVE-2017-100210
https://attackerkb.com/topics/CVE-2017-100210
CWE-200
URL-https://github.com/kubernetes/kubernetes/pull/47605#issuecomment-309159093

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today