CVE-2019-1002101 — Link Following in Kubernetes

CWE-59 — Link Following21 documents8 sources

Severity

5.5MEDIUMNVD

CNA6.4

EPSS

49.3%

top 2.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Kubernetes K8s.io Kubernetes Redhat Openshift Container Platform

Timeline

PublishedApr 1

Latest updateAug 21

Description

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the …

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Gok8s.io/kubernetes1.12.0 — 1.12.7+2

▶CVEListV5kubernetes/kubernetes1.11 — 1.11.9+3

▶NVDkubernetes/kubernetes1.11.0 — 1.11.9+3

Also affects: Openshift Container Platform 3.10, 3.11, 3.9

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

Symlink Attack in kubectl cp in k8s.io/kubernetes↗2024-08-21

▶

OSV

Symlink Attack in kubectl cp↗2022-02-15

▶

GHSA

Symlink Attack in kubectl cp↗2022-02-15

▶

OSV

CVE-2019-1002101: The kubectl cp command allows copying files between containers and the user machine↗2019-04-01

▶

CVEList

kubectl cp path traversal↗2019-04-01

▶

📋Vendor Advisories

Red Hat

kubernetes: Mishandling of symlinks allows for arbitrary file write via `kubectl cp`↗2019-03-28

▶

Debian

CVE-2019-1002101: kubernetes - The kubectl cp command allows copying files between containers and the user mach...↗2019

▶

🕵️Threat Intelligence

Unit42

Disclosing a directory traversal vulnerability in Kubernetes copy – CVE-2019-1002101↗2019-03-28

▶

Unit42

Disclosing a directory traversal vulnerability in Kubernetes copy – CVE-2019-1002101↗2019-03-28

▶

💬Community

Bugzilla

CVE-2019-11249 kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal [fedora-all]↗2019-08-06

▶

Bugzilla

CVE-2019-11249 kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal↗2019-08-05

▶

Bugzilla

CVE-2019-11246 kubernetes:1.10/kubernetes: Incomplete fix for CVE-2019-1002101 allows for arbitrary file write via `kubectl cp` [fedora-all]↗2019-06-21

▶

Bugzilla

CVE-2019-11246 kubernetes:openshift-3.10/origin: kubernetes: Incomplete fix for CVE-2019-1002101 allows for arbitrary file write via `kubectl cp` [fedora-all]↗2019-06-21

▶

Bugzilla

CVE-2019-11246 kubernetes: Incomplete fix for CVE-2019-1002101 allows for arbitrary file write via `kubectl cp` [fedora-all]↗2019-06-21

▶