SynopsisThe remote host contains an application affected by multiple vulnerability.
DescriptionThe version of Kubernetes installed on the remote host is version 1.3.x prior to 1.7.14, 1.8.x prior to 1.8.9 or 1.9.x prior to 1.9.4. It is, therefore, affected by multiple vulnerabilities.
- An arbitrary file access vulnerability exists in containers using subpath volume mounts. An authenticated, local attacker can exploit this to access arbitrary files or directories including the host's filesystem.
- An arbitrary file deletion vulnerability exists in containers using a secret, configMap, projected or downwardAPI volume. An unauthenticated, local attacker can exploit this to delete arbitrary files or directories from the nodes where they are running. (CVE-2017-1002102)
SolutionUpgrade to Kubernetes 1.7.14, 1.8.9, 1.9.4 or later, please refer to the vendor advisory.