6.5
CVE-2017-1002100
- EPSS 0.37%
- Veröffentlicht 14.09.2017 13:29:01
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle jordan@liggitt.net
- Teams Watchlist Login
- Unerledigt Login
Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Kubernetes ≫ Kubernetes Version1.6.0
Kubernetes ≫ Kubernetes Version1.6.0 Updatealpha.0
Kubernetes ≫ Kubernetes Version1.6.0 Updatealpha.1
Kubernetes ≫ Kubernetes Version1.6.0 Updatealpha.2
Kubernetes ≫ Kubernetes Version1.6.0 Updatealpha.3
Kubernetes ≫ Kubernetes Version1.6.0 Updatebeta.0
Kubernetes ≫ Kubernetes Version1.6.0 Updatebeta.1
Kubernetes ≫ Kubernetes Version1.6.0 Updatebeta.2
Kubernetes ≫ Kubernetes Version1.6.0 Updatebeta.3
Kubernetes ≫ Kubernetes Version1.6.0 Updatebeta.4
Kubernetes ≫ Kubernetes Version1.6.0 Updaterc.1
Kubernetes ≫ Kubernetes Version1.6.1
Kubernetes ≫ Kubernetes Version1.6.1 Updatebeta.0
Kubernetes ≫ Kubernetes Version1.6.2
Kubernetes ≫ Kubernetes Version1.6.2 Updatebeta.0
Kubernetes ≫ Kubernetes Version1.6.3
Kubernetes ≫ Kubernetes Version1.6.3 Updatebeta.0
Kubernetes ≫ Kubernetes Version1.6.3 Updatebeta.1
Kubernetes ≫ Kubernetes Version1.6.4
Kubernetes ≫ Kubernetes Version1.6.4 Updatebeta.0
Kubernetes ≫ Kubernetes Version1.6.4 Updatebeta.1
Kubernetes ≫ Kubernetes Version1.6.5
Kubernetes ≫ Kubernetes Version1.6.5 Updatebeta.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.37% | 0.557 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.