Vulnerabilities > Kubernetes > Kubernetes > 1.8.8
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-02 | CVE-2018-1002100 | Improper Input Validation vulnerability in Kubernetes In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files. | 3.6 |
2018-03-13 | CVE-2017-1002102 | Unspecified vulnerability in Kubernetes In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running. local kubernetes | 6.3 |
2018-03-13 | CVE-2017-1002101 | Link Following vulnerability in Kubernetes In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem. | 5.5 |