CVE-2017-1002101 — Link Following in Kubernetes

CWE-59 — Link Following10 documents8 sources

Severity

9.6CRITICALNVD

EPSS

33.5%

top 3.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Kubernetes Debian Kubernetes

Timeline

PublishedMar 13

Latest updateApr 15

Description

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:NExploitability: 3.1 | Impact: 5.8

Affected Packages4 packages

▶debiandebian/kubernetes< kubernetes 1.7.16+dfsg-1 (bookworm)

▶CVEListV5kubernetes/kubernetesunspecified — v1.7.14+6

▶NVDkubernetes/kubernetes1.7.0 — 1.7.14+6

▶Debiankubernetes/kubernetes< 1.7.16+dfsg-1+3

🔴Vulnerability Details

GHSA

GHSA-rqgw-vh6p-qf7j: In Kubernetes versions 1↗2022-05-13

▶

Kernel

Merge branch 'work.openat2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs↗2020-01-29

▶

OSV

CVE-2017-1002101: In Kubernetes versions 1↗2018-03-13

▶

📋Vendor Advisories

Red Hat

kubernetes: Volume security can be sidestepped with innocent emptyDir and subpath↗2018-03-12

▶

Debian

CVE-2017-1002101: kubernetes - In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, ...↗2017

▶

📄Research Papers

arXiv

KubeFence: Security Hardening of the Kubernetes Attack Surface↗2025-04-15

▶

💬Community

Bugzilla

CVE-2017-1002101 origin: kubernetes: Volume security can be sidestepped with innocent emptyDir and subpath [fedora-all]↗2018-03-13

▶

Bugzilla

CVE-2017-1002101 kubernetes: Volume security can be sidestepped with innocent emptyDir and subpath [fedora-all]↗2018-03-12

▶

Bugzilla

CVE-2017-1002101 kubernetes: Volume security can be sidestepped with innocent emptyDir and subpath↗2017-12-12

▶