May 2019 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
When a user specifies a world writable folder as cache, Kubernetes creates new files as world writable. A local attacker can read and write to the user files.
Impacted products: Kubernetes.
Severity: 1/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 24/04/2019.
DESCRIPTION OF THE VULNERABILITY
When a user specifies a world writable folder as cache, Kubernetes creates new files as world writable. A local attacker can therefore read and write to the user files.
