CVE-2019-11249: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal #80984
Labels
area/security
kind/bug
Categorizes issue or PR as related to a bug.
official-cve-feed
Issues or PRs related to CVEs officially announced by Security Response Committee (SRC)
sig/cli
Categorizes an issue or PR as relevant to SIG CLI.
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
A third issue was discovered with the Kubernetes
kubectl cp
command that could enable a directory traversal such that a malicious container could replace or create files on a user’s workstation. The vulnerability is a client-side defect and requires user interaction to be exploited.Vulnerable versions:
Kubernetes 1.0.x-1.12.x
Kubernetes 1.13.0-1.13.8
Kubernetes 1.14.0-1.14.4
Kubernetes 1.15.0-1.15.1
Vulnerable configurations:
All
kubectl
clients running a vulnerable version and using thecp
operation.Vulnerability impact:
A malicious user can potentially create or overwrite files outside of the destination directory of the
kubectl cp
operation.Mitigations prior to upgrading:
Avoid using
kubectl cp
with any untrusted workloads.Fixed versions:
Fixed in v1.13.9 by #80871
Fixed in v1.14.5 by #80870
Fixed in v1.15.2 by #80869
Fixed in master by #80436
Fix impact:
The
kubectl cp
function is prevented from creating or modifying files outside the destination directory.Acknowledgements:
This issue was discovered by Yang Yang of Amazon, who also provided a patch. Thanks also to the release managers for creating the security releases.
The text was updated successfully, but these errors were encountered: