In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.
CVSS v3.0 Score: 4.2 / 10.0 (MEDIUM)
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N
Information
- Published: June 2, 2018
- Updated: November 21, 2024
- Status: Modified
- Source: jordan@liggitt.net
Affected products
kubernetes kubernetes
Versions: 1.5.9, 1.6.14, 1.7.17, 1.8.15, 1.9.5
Weaknesses (CWE)
CWE-20
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1564305 (Issue Tracking, Third Party Advisory)
- https://github.com/kubernetes/kubernetes/issues/61297 (Third Party Advisory)
- https://hansmi.ch/articles/2018-04-openshift-s2i-security (Third Party Advisory)