In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection. Upstream Issue: https://github.com/kubernetes/kubernetes/issues/65750 Upstream Patches: https://github.com/kubernetes/kubernetes/commit/d65039c56ce (v1.12.0) https://github.com/kubernetes/kubernetes/commit/914e404d3fc (v1.11.2) https://github.com/kubernetes/kubernetes/commit/46981ede3a6 (v1.10.6) https://github.com/kubernetes/kubernetes/commit/b2fb73ffead (v1.9.10)
Created kubernetes tracking bugs for this issue: Affects: fedora-all [bug 1659878] Created kubernetes:1.1/kubernetes tracking bugs for this issue: Affects: fedora-29 [bug 1659879] Created kubernetes:openshift-3.10/origin tracking bugs for this issue: Affects: fedora-29 [bug 1659880] Created origin tracking bugs for this issue: Affects: fedora-all [bug 1659881]