CVE-2017-1002100

Published: Sep 14, 2017

Modified: Sep 16, 2024

PUBLISHED

Description

Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal.

Vendor	Product	Versions
Kubernetes	Kubernetes	affected `v1.6.0 - < unspecified` affected `unspecified - <= v1.6.5`

References

https://groups.google.com/d/msg/kubernetes-security-announce/n3VBg_WJZic/-ddIqKXqAAAJ

x_refsource_MISC

https://github.com/kubernetes/kubernetes/issues/47611

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-1002100

Description

Affected Products

References