vulnerability
Oracle Linux: CVE-2017-1002102: ELSA-2018-4061: kubernetes security update (IMPORTANT)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:M/Au:N/C:N/I:C/A:C) | Mar 6, 2018 | Apr 11, 2018 | Dec 3, 2025 |
Severity
6
CVSS
(AV:L/AC:M/Au:N/C:N/I:C/A:C)
Published
Mar 6, 2018
Added
Apr 11, 2018
Modified
Dec 3, 2025
Description
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.
This vulnerability allows containers using a secret, configMap, projected, or downwardAPI volume to trigger deletion of arbitrary files and directories on the nodes where they are running. An attacker could use this flaw to delete arbitrary file or directories on node host.
This vulnerability allows containers using a secret, configMap, projected, or downwardAPI volume to trigger deletion of arbitrary files and directories on the nodes where they are running. An attacker could use this flaw to delete arbitrary file or directories on node host.
Solutions
oracle-linux-upgrade-kubeadmoracle-linux-upgrade-kubectloracle-linux-upgrade-kubelet
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.