x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-mm7g-f2gg-cw8g

In GitHub Security Advisory [GHSA-mm7g-f2gg-cw8g](https://github.com/advisories/GHSA-mm7g-f2gg-cw8g), there is a vulnerability in the following Go packages or modules:

| Unit | Fixed | Vulnerable Ranges |
| - | - | - |
| [k8s.io/kubernetes](https://pkg.go.dev/k8s.io/kubernetes) |  | >= 1.9.0, <= 1.9.3 || [k8s.io/kubernetes](https://pkg.go.dev/k8s.io/kubernetes) |  | >= 1.8.0, <= 1.8.8 || [k8s.io/kubernetes](https://pkg.go.dev/k8s.io/kubernetes) |  | >= 1.7.0, <= 1.7.13 || [k8s.io/kubernetes](https://pkg.go.dev/k8s.io/kubernetes) |  | >= 1.3, < 1.7 |

Cross references:
- Module k8s.io/kubernetes appears in issue #617  NOT_IMPORTABLE
- Module k8s.io/kubernetes appears in issue #703  EFFECTIVELY_PRIVATE
- Module k8s.io/kubernetes appears in issue #886  NOT_IMPORTABLE
- Module k8s.io/kubernetes appears in issue #904  NOT_IMPORTABLE
- Module k8s.io/kubernetes appears in issue #907  NOT_IMPORTABLE
- Module k8s.io/kubernetes appears in issue #908  NOT_IMPORTABLE
- Module k8s.io/kubernetes appears in issue #909  NOT_IMPORTABLE
- Module k8s.io/kubernetes appears in issue #910  NOT_IMPORTABLE
- Module k8s.io/kubernetes appears in issue #940  EFFECTIVELY_PRIVATE
- Module k8s.io/kubernetes appears in issue #983  EFFECTIVELY_PRIVATE
- Module k8s.io/kubernetes appears in issue #1492  EFFECTIVELY_PRIVATE
- Module k8s.io/kubernetes appears in issue #1864  EFFECTIVELY_PRIVATE
- Module k8s.io/kubernetes appears in issue #1891  NOT_IMPORTABLE
- Module k8s.io/kubernetes appears in issue #1892  NOT_IMPORTABLE
- Module k8s.io/kubernetes appears in issue #1943  EFFECTIVELY_PRIVATE
- Module k8s.io/kubernetes appears in issue #1946  EFFECTIVELY_PRIVATE
- Module k8s.io/kubernetes appears in issue #64
- Module k8s.io/kubernetes appears in issue #65
- Module k8s.io/kubernetes appears in issue #66
- Module k8s.io/kubernetes appears in issue #701


See [doc/triage.md](https://github.com/golang/vulndb/blob/master/doc/triage.md) for instructions on how to triage this report.

```
modules:
    - module: k8s.io/kubernetes
      versions:
        - introduced: TODO (earliest fixed "", vuln range ">= 1.9.0, <= 1.9.3")
      vulnerable_at: 1.27.4
      packages:
        - package: k8s.io/kubernetes
    - module: k8s.io/kubernetes
      versions:
        - introduced: TODO (earliest fixed "", vuln range ">= 1.8.0, <= 1.8.8")
      vulnerable_at: 1.27.4
      packages:
        - package: k8s.io/kubernetes
    - module: k8s.io/kubernetes
      versions:
        - introduced: TODO (earliest fixed "", vuln range ">= 1.7.0, <= 1.7.13")
      vulnerable_at: 1.27.4
      packages:
        - package: k8s.io/kubernetes
    - module: k8s.io/kubernetes
      versions:
        - introduced: TODO (earliest fixed "", vuln range ">= 1.3, < 1.7")
      vulnerable_at: 1.27.4
      packages:
        - package: k8s.io/kubernetes
summary: Kubernetes arbitrary file overwrite
description: |-
    In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14,
    1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI
    volume can trigger deletion of arbitrary files/directories from the nodes where
    they are running.
cves:
    - CVE-2017-1002102
ghsas:
    - GHSA-mm7g-f2gg-cw8g
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2017-1002102
    - report: https://github.com/kubernetes/kubernetes/issues/60814
    - web: https://access.redhat.com/errata/RHSA-2018:0475
    - advisory: https://github.com/advisories/GHSA-mm7g-f2gg-cw8g

```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-mm7g-f2gg-cw8g #1977

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-mm7g-f2gg-cw8g #1977

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions