| Vulnerability Name: | CVE-2019-1002101 (CCN-158804) | ||||||||||||||||||||||||
| Assigned: | 2019-03-28 | ||||||||||||||||||||||||
| Published: | 2019-03-28 | ||||||||||||||||||||||||
| Updated: | 2020-02-10 | ||||||||||||||||||||||||
| Summary: | The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. The untar function can both create and follow symbolic links. The issue is resolved in kubectl v1.11.9, v1.12.7, v1.13.5, and v1.14.0. | ||||||||||||||||||||||||
| CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) 4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||
| CVSS v2 Severity: | 5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P)
| ||||||||||||||||||||||||
| Vulnerability Type: | CWE-59 | ||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2019-1002101 Source: CCN Type: IBM Security Bulletin 878460 (Cloud Private) Multiple Security Vulnerabilities affect IBM Cloud Private Kubernetes Source: MLIST Type: UNKNOWN [oss-security] 20190620 [ANNOUNCE] Incomplete fixes for CVE-2019-1002101, kubectl cp potential directory traversal - CVE-2019-11246 Source: MLIST Type: UNKNOWN [oss-security] 20190805 Kubernetes v1.13.9, v1.14.5, v1.15.2 released to address CVE-2019-11247, CVE-2019-11249 Source: BID Type: Third Party Advisory, VDB Entry 107652 Source: REDHAT Type: UNKNOWN RHBA-2019:0619 Source: REDHAT Type: UNKNOWN RHBA-2019:0620 Source: REDHAT Type: UNKNOWN RHBA-2019:0636 Source: MISC Type: Third Party Advisory CVE-2019-1002101 Source: CCN Type: Red Hat Bugzilla Bug 1685213 (CVE-2019-1002101) - CVE-2019-1002101 kubernetes: Mishandling of symlinks allows for arbitrary file write via `kubectl cp` Source: XF Type: UNKNOWN kubernetes-cve20191002101-dir-trav(158804) Source: CCN Type: Kubernetes GIT Repository CVE-2019-1002101: kubectl fix potential directory traversal #75037 Source: MISC Type: Patch, Third Party Advisory https://github.com/kubernetes/kubernetes/pull/75037 Source: FEDORA Type: UNKNOWN FEDORA-2019-bf800b1c04 Source: FEDORA Type: UNKNOWN FEDORA-2019-2b8ef08c95 Source: CCN Type: IBM Security Bulletin 882956 (API Connect) API Connect V2018 is impacted by a directory traversal vulnerability in Kubernetes (CVE-2019-1002101) Source: CCN Type: IBM Security Bulletin 886609 (Cloud Private for Data) IBM Cloud Private for Data is affected multiple security vulnerabilities in IBM Cloud Private Kubernetes Source: CCN Type: IBM Security Bulletin 888071 (Event Streams) IBM Event Streams is affected by kubectl vulnerabilities Source: CCN Type: IBM Security Bulletin 6207097 (InfoSphere Information Server) InfoSphere Information Server is affected by multiple vulnerabilities in Kubernetes Source: MISC Type: UNKNOWN https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/ | ||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||