CVE-2017-1002100

Sažetak

Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal.

Reference

https://github.com/kubernetes/kubernetes/issues/47611
https://groups.google.com/d/msg/kubernetes-security-announce/n3VBg_WJZic/-ddIqKXqAAAJ

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

29-09-2017 - 19:03

Objavljeno

14-09-2017 - 13:29