In Kubernetes versions 1.3.x, 1.4.x, 1.5.x and 1.6.x, and in versions prior to 1.7.14, 1.8.9 and 1.9.4, containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files and directories outside of the volume, including the host's filesystem.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Kubernetes | Kubernetes | 1.3.0 (including) | 1.3.10 (including) |
Kubernetes | Kubernetes | 1.4.0 (including) | 1.4.12 (including) |
Kubernetes | Kubernetes | 1.5.0 (including) | 1.5.8 (including) |
Kubernetes | Kubernetes | 1.6.0 (including) | 1.6.13 (including) |
Kubernetes | Kubernetes | 1.7.0 (including) | 1.7.14 (excluding) |
Kubernetes | Kubernetes | 1.8.0 (including) | 1.8.9 (excluding) |
Kubernetes | Kubernetes | 1.9.0 (including) | 1.9.4 (excluding) |
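
The link-following weakness described above arises when a volume path is joined with a supplied subpath and the result is used without checking where it really resolves. The following Go program is an added example, not Kubernetes code or the project's fix; `resolveSubPath`, `demo` and the temp-directory layout are hypothetical names and constructed data used to show a containment check that rejects subpaths escaping the volume through a symlink or `..`.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// resolveSubPath (hypothetical helper) returns the real location of subPath
// under volumeRoot, or an error if symlinks or ".." lead outside the volume.
func resolveSubPath(volumeRoot, subPath string) (string, error) {
	root, err := filepath.EvalSymlinks(volumeRoot)
	if err != nil {
		return "", err
	}
	resolved, err := filepath.EvalSymlinks(filepath.Join(root, subPath))
	if err != nil {
		return "", err
	}
	rel, err := filepath.Rel(root, resolved)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("subpath %q resolves outside volume: %s", subPath, resolved)
	}
	return resolved, nil
}

// demo builds a constructed layout: a "host" dir outside the volume, a normal
// dir inside it, and a symlink inside the volume that points out to the host dir.
func demo() (okErr, linkErr, dotsErr error) {
	base, err := os.MkdirTemp("", "subpath-demo")
	if err != nil {
		return err, err, err
	}
	defer os.RemoveAll(base)
	host, vol := filepath.Join(base, "host"), filepath.Join(base, "volume")
	os.MkdirAll(filepath.Join(vol, "data"), 0o755)
	os.MkdirAll(host, 0o755)
	os.WriteFile(filepath.Join(host, "secret"), []byte("x"), 0o600)
	os.Symlink(host, filepath.Join(vol, "escape")) // link planted inside the volume
	_, okErr = resolveSubPath(vol, "data")            // stays inside: accepted
	_, linkErr = resolveSubPath(vol, "escape/secret") // follows link out: rejected
	_, dotsErr = resolveSubPath(vol, "../host")       // dot-dot traversal: rejected
	return
}

func main() {
	fmt.Println(demo())
}
```

A check like this only helps if the resolved path it returns is the one actually used afterwards; a link swapped in between the check and the use reopens the same gap.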