CVE-2017-1002102: Path Traversal

March 13, 2018 (updated October 9, 2019)

In Kubernetes containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files and directories from the nodes where they are running.

References

github.com/kubernetes/kubernetes/issues/60814
nvd.nist.gov/vuln/detail/CVE-2017-1002102

Detect and mitigate CVE-2017-1002102 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →