CVE-2017-1002101

HIGH

Kubernetes <1.7.14, <1.8.9, <1.9.4 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-1002101. PoCs published by bgeesaman.

AI-analyzed exploit summary This repository contains functional exploit code demonstrating CVE-2017-1002101, a Kubernetes container escape vulnerability. The exploit leverages symlink manipulation in volume mounts to gain access to the host filesystem from within a container.

Description

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.

Exploits (1)

nomisec WORKING POC 35 stars
by bgeesaman · poc
https://github.com/bgeesaman/subpath-exploit

This repository contains functional exploit code demonstrating CVE-2017-1002101, a Kubernetes container escape vulnerability. The exploit leverages symlink manipulation in volume mounts to gain access to the host filesystem from within a container.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Kubernetes (versions prior to patch for CVE-2017-1002101)
Auth required
Prerequisites: Authenticated access to create pods · Ability to control pod specifications
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:0475
Issue Tracking, Mitigation, Vendor Advisory x_refsource_confirm
https://github.com/kubernetes/kubernetes/issues/60813

Scores

CVSS v3 8.8
EPSS 0.1159
EPSS Percentile 95.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-59
Status published
Products (1)
kubernetes/kubernetes 1.3.0 - 1.3.10
Published Mar 13, 2018
Tracked Since Feb 18, 2026