CVE-2018-1002101

State: PUBLISHED · Published: 2018-12-05 · Updated: 2024-08-05 · Assigner: kubernetes

Description

In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection.

CWE

(none)

Affected

Kubernetes / Kubernetes — v=unspecified <v1.9.10 [affected]; v=unspecified <v1.10.6 [affected]; v=unspecified <v1.11.2 [affected]

CVSS

3.0 score=5.9 severity=MEDIUM CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

References

https://github.com/kubernetes/kubernetes/issues/65750 x_refsource_CONFIRM
http://www.securityfocus.com/bid/106238 vdb-entry, x_refsource_BID
https://security.netapp.com/advisory/ntap-20190416-0008/ x_refsource_CONFIRM

Source

cvelistV5-main/cves/2018/1002xxx/CVE-2018-1002101.json