CVE-2017-1002101 - subpath volume mount handling allows arbitrary file access in host filesystem #60813
This vulnerability allows containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) to access files/directories outside of the volume, including the host’s filesystem.
Thanks to Maxim Ivanov for reporting this problem.
Mitigations prior to upgrading:
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions [here](https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md).

subpath fixes

fixes #60813 for master / 1.10

```release-note
Fixes CVE-2017-1002101 - See https://issue.k8s.io/60813 for details
```
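To inventory the workloads the issue describes (containers using subPath volume mounts, with any volume type), the following added example scans a pod list in the JSON shape produced by `kubectl get pods --all-namespaces -o json`. It is not part of the issue or of the Kubernetes code base; the function name `find_subpath_mounts` and the sample data are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get pods --all-namespaces -o json`.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "web", "name": "frontend"},
  "spec": {"volumes": [{"name": "data", "emptyDir": {}}],
           "initContainers": [{"name": "seed", "volumeMounts": [
               {"name": "data", "mountPath": "/seed", "subPath": "init"}]}],
           "containers": [{"name": "app", "volumeMounts": [
               {"name": "data", "mountPath": "/var/www", "subPath": "html"}]}]}},
 {"metadata": {"namespace": "batch", "name": "worker"},
  "spec": {"volumes": [{"name": "cfg", "configMap": {"name": "worker-cfg"}}],
           "containers": [{"name": "run", "volumeMounts": [
               {"name": "cfg", "mountPath": "/etc/worker"}]}]}}
]}
""")


def find_subpath_mounts(pod_list):
    """Return one finding per container volumeMount that sets subPath."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        # Volume type is the key next to "name" (emptyDir, configMap, ...).
        # It is reported, not filtered on: the issue affects any volume type.
        vol_type = {v.get("name"): next((k for k in v if k != "name"), "unknown")
                    for v in spec.get("volumes") or []}
        # Init containers mount volumes too, so both lists are checked.
        for kind in ("initContainers", "containers"):
            for ctr in spec.get(kind) or []:
                for mount in ctr.get("volumeMounts") or []:
                    if mount.get("subPath"):
                        findings.append({
                            "pod": f'{meta.get("namespace")}/{meta.get("name")}',
                            "container": ctr.get("name"),
                            "volume": mount.get("name"),
                            "volume_type": vol_type.get(mount.get("name"), "unknown"),
                            "sub_path": mount["subPath"],
                        })
    return findings


if __name__ == "__main__":
    for finding in find_subpath_mounts(SAMPLE):
        print(finding)
```

To run it against a live cluster, load the saved `kubectl` output with `json.load` and pass it to the function in place of `SAMPLE`.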