In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Kubernetes | Kubernetes | 1.3.0 (including) | 1.3.10 (including) |
| Kubernetes | Kubernetes | 1.4.0 (including) | 1.4.12 (including) |
| Kubernetes | Kubernetes | 1.5.0 (including) | 1.5.8 (including) |
| Kubernetes | Kubernetes | 1.6.0 (including) | 1.6.13 (including) |
| Kubernetes | Kubernetes | 1.7.0 (including) | 1.7.14 (excluding) |
| Kubernetes | Kubernetes | 1.8.0 (including) | 1.8.9 (excluding) |
| Kubernetes | Kubernetes | 1.9.0 (including) | 1.9.4 (excluding) |
| Red Hat OpenShift Container Platform 3.3 | RedHat | atomic-openshift-0:3.3.1.46.11-1.git.4.e236015.el7 | * |
| Red Hat OpenShift Container Platform 3.4 | RedHat | atomic-openshift-0:3.4.1.44.38-1.git.4.bb8df08.el7 | * |
| Red Hat OpenShift Container Platform 3.5 | RedHat | atomic-openshift-0:3.5.5.31.48-1.git.4.ff6153e.el7 | * |
| Red Hat OpenShift Container Platform 3.6 | RedHat | atomic-openshift-0:3.6.173.0.96-1.git.4.e6301f8.el7 | * |
| Red Hat OpenShift Container Platform 3.7 | RedHat | atomic-openshift-0:3.7.23-1.git.5.83efd71.el7 | * |