Security Advisory

CVE-2017-1002100

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-09-14 13:00:00

Last updated 2024-09-16 16:53:57

Assigner kubernetes

State PUBLISHED

Description

Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal.

← Browse all CVEs View on cve.org ↗