Vulnerability Name: | CVE-2018-1002100 (CCN-144813)
Assigned: | 2018-05-17
Published: | 2018-05-17
Updated: | 2019-10-09
Summary: | In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.
CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
CVSS v2 Severity: | 3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P)
Vulnerability Type: | CWE-20
Vulnerability Consequences: | File Manipulation
References: |
Source: MITRE Type: CNA CVE-2018-1002100
Source: CCN Type: Red Hat Bugzilla Bug 1564305 (CVE-2018-1002100) CVE-2018-1002100 kubernetes: Kubectl copy doesn't check for paths outside of it's destination directory
Source: CONFIRM Type: Issue Tracking, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=1564305
Source: XF Type: UNKNOWN kubernetes-cve20181002100-file-overwrite(144813)
Source: CCN Type: kubernetes GIT Repository Kubectl copy doesn't check for paths outside of it's destination directory. #61297
Source: CONFIRM Type: Third Party Advisory https://github.com/kubernetes/kubernetes/issues/61297
Source: MISC Type: Third Party Advisory https://hansmi.ch/articles/2018-04-openshift-s2i-security
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable