CVE-2018-1002100
published 2018-06-02CVE-2018-1002100: In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container…
PriorityP429medium5.5CVSS 3.0
AVLACLPRLUINSUCNIHAN
EPSS
1.59%
72.6th percentile
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | kubernetes | < kubernetes 1.17.4-1 (bookworm) | kubernetes 1.17.4-1 (bookworm) |
| k8s.io | kubernetes | >= 1.5.0 < 1.9.6 | 1.9.6 |
| k8s.io | kubernetes | >= 1.5.0-alpha.0 < 1.9.6 | 1.9.6 |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | >= 0 < 1.17.4-1 | 1.17.4-1 |
| kubernetes | kubernetes | >= 0 < 1.17.4-1 | 1.17.4-1 |
| kubernetes | kubernetes | >= 0 < 1.17.4-1 | 1.17.4-1 |
| kubernetes | kubernetes | >= 0 < 1.17.4-1 | 1.17.4-1 |
| kubernetes | kubernetes | 1.5.0 – 1.5.9 | — |
| kubernetes | kubernetes | 1.6.0 – 1.6.14 | — |
| kubernetes | kubernetes | 1.7.0 – 1.7.17 | — |
| kubernetes | kubernetes | 1.8.0 – 1.8.15 | — |
| kubernetes | kubernetes | 1.9.0 – 1.9.5 | — |
| kubernetes | kubernetes | >= unspecified < v1.9.6 | v1.9.6 |
CVSS provenance
nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvdv2.03.6LOWAV:L/AC:L/Au:N/C:N/I:P/A:P
osv5.5MEDIUM
vendor_debian4.2MEDIUM
vendor_redhat4.2MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Kubernetes arbitrary file overwrite in k8s.io/kubernetes
osv·2024-08-20
CVE-2018-1002100 Kubernetes arbitrary file overwrite in k8s.io/kubernetes
Kubernetes arbitrary file overwrite in k8s.io/kubernetes
Kubernetes arbitrary file overwrite in k8s.io/kubernetes
OSV
Kubernetes arbitrary file overwrite
osv·2022-05-13
CVE-2018-1002100 [MEDIUM] Kubernetes arbitrary file overwrite
Kubernetes arbitrary file overwrite
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.
GHSA
Kubernetes arbitrary file overwrite
ghsa·2022-05-13
CVE-2018-1002100 [MEDIUM] CWE-20 Kubernetes arbitrary file overwrite
Kubernetes arbitrary file overwrite
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.
OSV
CVE-2018-1002100: In Kubernetes versions 1
osv·2018-06-02·CVSS 5.5
CVE-2018-1002100 [MEDIUM] CVE-2018-1002100: In Kubernetes versions 1
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.
Red Hat
kubernetes: Kubectl copy doesn't check for paths outside of it's destination directory
vendor_redhat·2018-03-17·CVSS 4.2
CVE-2018-1002100 [MEDIUM] CWE-20 kubernetes: Kubectl copy doesn't check for paths outside of it's destination directory
kubernetes: Kubectl copy doesn't check for paths outside of it's destination directory
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.
An improper validation flaw exists in the kubernetes 'kubectl cp' command. An attacker, who could trick a user into using the command to copy files locally from a pod, could override files outside of the target directory of the command.
Statement: Kubernetes support is moving from Red Hat Enterprise Linux to OpenShift Container Platform. Kubernetes and its dependencies will no longer be updated through the Extras channel. Instead, the Red Hat customers are advised to use Red Hat's supported K
Debian
CVE-2018-1002100: kubernetes - In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, t...
vendor_debian·2018·CVSS 4.2
CVE-2018-1002100 [MEDIUM] CVE-2018-1002100: kubernetes - In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, t...
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.
Scope: local
bookworm: resolved (fixed in 1.17.4-1)
bullseye: resolved (fixed in 1.17.4-1)
forky: resolved (fixed in 1.17.4-1)
sid: resolved (fixed in 1.17.4-1)
trixie: resolved (fixed in 1.17.4-1)
No detection rules found.
No public exploits indexed.
Unit42
Disclosing a directory traversal vulnerability in Kubernetes copy – CVE-2019-1002101
blogs_unit42·2019-03-28·CVSS 4.2
CVE-2019-1002101 [MEDIUM] Disclosing a directory traversal vulnerability in Kubernetes copy – CVE-2019-1002101
# Executive Overview
On March 4, I reported a security vulnerability in kubectl to the Kubernetes and OpenShift security teams, which was assigned CVE-2019-1002101. This post explains the discovery process, the vulnerability details and its impact and exploitation methods. Thanks to Brandon Phillips Red Hat for coordinating the disclosure process. The announcement made today by the Kubernetes team can be found here.
## Vulnerability discovery
I was exploring Kubernetes commands when a particular notice drew my immediate attention.
This note refers to the kubectl cp command, which allows copying files between containers and the user machine. To copy files from and to containers, Kubernetes calls the `tar` binary inside the container, to either create or unpack a tar archive with the req
Unit42
Disclosing a directory traversal vulnerability in Kubernetes copy – CVE-2019-1002101
blogs_unit42·2019-03-28·CVSS 4.2
CVE-2019-1002101 [MEDIUM] Disclosing a directory traversal vulnerability in Kubernetes copy – CVE-2019-1002101
Threat Research Center
Threat Research
Cloud Cybersecurity Research
## Disclosing a directory traversal vulnerability in Kubernetes copy – CVE-2019-1002101
Ariel Zelivansky
Published: March 28, 2019
Cloud Cybersecurity Research
Threat Research
Vulnerabilities
CVE-2019-1002101
Kubernetes
## Executive Overview
On March 4, I reported a security vulnerability in kubectl to the Kubernetes and OpenShift security teams, which was assigned CVE-2019-1002101. This post explains the discovery process, the vulnerability details and its impact and exploitation methods. Thanks to Brandon Phillips Red Hat for coordinating the disclosure process. The announcement made today by the Kubernetes team can be found here .
## Vulnerability discovery
I was exploring Kubernetes commands when a
Bugzilla
CVE-2018-1002100 kubernetes: Kubectl copy doesn't check for paths outside of it's destination directory
bugzilla·2018-04-06·CVSS 4.2
CVE-2018-1002100 [MEDIUM] CVE-2018-1002100 kubernetes: Kubectl copy doesn't check for paths outside of it's destination directory
CVE-2018-1002100 kubernetes: Kubectl copy doesn't check for paths outside of it's destination directory
When using kubectl to cp files to a pod, if the container returns a malformed tarfile with paths like, '/some/remote/dir/../../../../tmp/foo' kubectl writes this to /tmp/foo instead of /some/local/dir/tmp/foo.
https://github.com/kubernetes/kubernetes/issues/61297
Discussion:
Acknowledgments:
Name: Michael Hanselmann (hansmi.ch)
---
Created kubernetes tracking bugs for this issue:
Affects: fedora-all [bug 1564307]
---
Statement:
Kubernetes support is moving from Red Hat Enterprise Linux to OpenShift Container Platform. Kubernetes and its dependencies will no longer be updated through the Extras channel. Instead, the Red Hat customers are advised to use Red Hat's supported Kuber
Bugzilla
CVE-2018-1002100 kubernetes: Kubectl copy doesn't check for paths outside of it's destination directory [fedora-all]
bugzilla·2018-04-06·CVSS 4.2
CVE-2018-1002100 [MEDIUM] CVE-2018-1002100 kubernetes: Kubectl copy doesn't check for paths outside of it's destination directory [fedora-all]
CVE-2018-1002100 kubernetes: Kubectl copy doesn't check for paths outside of it's destination directory [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this is
https://bugzilla.redhat.com/show_bug.cgi?id=1564305https://github.com/kubernetes/kubernetes/issues/61297https://hansmi.ch/articles/2018-04-openshift-s2i-securityhttps://bugzilla.redhat.com/show_bug.cgi?id=1564305https://github.com/kubernetes/kubernetes/issues/61297https://hansmi.ch/articles/2018-04-openshift-s2i-security
2018-06-02
Published