CVE-2019-11251
published 2020-02-03CVE-2019-11251: The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar…
PriorityP432medium5.7CVSS 3.1
AVNACLPRLUIRSUCNIHAN
EPSS
2.33%
81.4th percentile
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | kubernetes | — | — |
| k8s.io | kubernetes | >= 1.13.10 < 1.13.11 | 1.13.11 |
| k8s.io | kubernetes | >= 1.14.6 < 1.14.7 | 1.14.7 |
| k8s.io | kubernetes | >= 1.15.3 < 1.16.0 | 1.16.0 |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | >= 1.13.0 < 1.13.11 | 1.13.11 |
| kubernetes | kubernetes | >= 1.14.0 < 1.14.7 | 1.14.7 |
| kubernetes | kubernetes | >= 1.15.0 < 1.15.4 | 1.15.4 |
CVSS provenance
nvdv3.15.7MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv5.7MEDIUM
vendor_debian4.8LOW
vendor_redhat4.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Kubernetes kubectl cp Vulnerable to Symlink Attack in k8s.io/kubernetes
osv·2024-08-21
CVE-2019-11251 Kubernetes kubectl cp Vulnerable to Symlink Attack in k8s.io/kubernetes
Kubernetes kubectl cp Vulnerable to Symlink Attack in k8s.io/kubernetes
Kubernetes kubectl cp Vulnerable to Symlink Attack in k8s.io/kubernetes
GHSA
Kubernetes kubectl cp Vulnerable to Symlink Attack
ghsa·2021-05-18
CVE-2019-11251 [MEDIUM] CWE-59 Kubernetes kubectl cp Vulnerable to Symlink Attack
Kubernetes kubectl cp Vulnerable to Symlink Attack
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.
OSV
Kubernetes kubectl cp Vulnerable to Symlink Attack
osv·2021-05-18
CVE-2019-11251 [MEDIUM] Kubernetes kubectl cp Vulnerable to Symlink Attack
Kubernetes kubectl cp Vulnerable to Symlink Attack
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.
OSV
CVE-2019-11251: The Kubernetes kubectl cp command in versions 1
osv·2020-02-03·CVSS 5.7
CVE-2019-11251 [MEDIUM] CVE-2019-11251: The Kubernetes kubectl cp command in versions 1
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.
Red Hat
kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks
vendor_redhat·2019-09-18·CVSS 4.8
CVE-2019-11251 [MEDIUM] CWE-59 kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks
kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.
Statement: This issue did not affect the version of Kubernetes(embedded in heketi) shipped with Red Hat Gluster Storage 3 as it does not include the symlink support for kubectl cp.
Package: atomic-openshift (Red Hat OpenShift Container Platform 3.10) - Affected
Package: heketi (Red Hat Storage 3) - Not affected
Debian
CVE-2019-11251: kubernetes - The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1....
vendor_debian·2019·CVSS 4.8
CVE-2019-11251 [MEDIUM] CVE-2019-11251: kubernetes - The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1....
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-11251 kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks [fedora-all]
bugzilla·2019-09-19·CVSS 4.8
CVE-2019-11251 [MEDIUM] CVE-2019-11251 kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks [fedora-all]
CVE-2019-11251 kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects
Bugzilla
CVE-2019-11251 kubernetes:1.10/kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks [fedora-all]
bugzilla·2019-09-19·CVSS 4.8
CVE-2019-11251 [MEDIUM] CVE-2019-11251 kubernetes:1.10/kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks [fedora-all]
CVE-2019-11251 kubernetes:1.10/kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: thi
Bugzilla
CVE-2019-11251 kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks
bugzilla·2019-09-19·CVSS 4.8
CVE-2019-11251 [MEDIUM] CVE-2019-11251 kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks
CVE-2019-11251 kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks
A vulnerability has been discovered in `kubectl cp` that allows a
combination of two symlinks to copy a file outside of its destination
directory. This could be used to allow an attacker to place a netfarious
file using a symlink, outside of the destination tree.
Reference:
https://github.com/kubernetes/kubernetes/pull/82143
https://github.com/kubernetes/kubernetes/pull/82143
https://github.com/kubernetes/kubernetes/pull/82384
https://github.com/kubernetes/kubernetes/pull/82502
https://github.com/kubernetes/kubernetes/pull/82503
Discussion:
Created kubernetes tracking bugs for this issue:
Affects: fedora-all [bug 1753496]
Created kubernetes:1.10/kubernetes tracking bugs for this issue:
Affec
2020-02-03
Published