First published: Wed Sep 18 2019
The Kubernetes kubectl cp command in versions 1.1-1.12, and in versions prior to 1.13.11, 1.14.7, and 1.15.4, allows a combination of two symlinks in the tar output of a malicious container to place a file outside the destination directory specified in the kubectl cp invocation. An attacker could use this to write a malicious file outside the destination tree via a symlink.
Credit: jordan@liggitt.net
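The defensive side of the bug described above, as an added illustration that is not part of this advisory and not Kubernetes' own code: an extractor for this class of flaw must never materialise link entries (so a later entry cannot be routed through one) and must confine every cleaned name to the destination. The function names, the destination path and the sample archive are constructed for the example.

```go
package main

import (
	"archive/tar"
	"bytes"
	"io"
	"path/filepath"
	"strings"
)

// Classify sorts tar entries, without touching the disk, into kept (cleaned
// path stays under dest), skipped (link entries) and rejected (path escapes dest).
func Classify(dest string, r io.Reader) (kept, skipped, rejected []string, err error) {
	dest = filepath.Clean(dest)
	tr := tar.NewReader(r)
	for hdr, nerr := tr.Next(); nerr != io.EOF; hdr, nerr = tr.Next() {
		if nerr != nil {
			return nil, nil, nil, nerr
		}
		if hdr.Typeflag == tar.TypeSymlink || hdr.Typeflag == tar.TypeLink {
			skipped = append(skipped, hdr.Name) // never created: nothing can route through it
			continue
		}
		target := filepath.Join(dest, hdr.Name) // Join collapses ".." segments
		if target == dest || strings.HasPrefix(target, dest+string(filepath.Separator)) {
			kept = append(kept, target)
		} else {
			rejected = append(rejected, hdr.Name)
		}
	}
	return kept, skipped, rejected, nil
}

// SampleTar is constructed input (not a real kubectl cp capture): a symlink
// pointing outside the tree, a file routed through it, and a plain ".." name.
func SampleTar() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	add := func(h tar.Header, body string) {
		h.Size = int64(len(body))
		tw.WriteHeader(&h)
		tw.Write([]byte(body))
	}
	add(tar.Header{Name: "good.txt", Typeflag: tar.TypeReg, Mode: 0o644}, "x")
	add(tar.Header{Name: "link", Typeflag: tar.TypeSymlink, Linkname: "..", Mode: 0o777}, "")
	add(tar.Header{Name: "link/escaped.txt", Typeflag: tar.TypeReg, Mode: 0o644}, "x")
	add(tar.Header{Name: "../escaped2.txt", Typeflag: tar.TypeReg, Mode: 0o644}, "x")
	tw.Close()
	return buf.Bytes()
}
```

Because the link entry is skipped rather than created, `link/escaped.txt` lands in a real directory under the destination instead of following the link, while the bare `..` name is rejected outright.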
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/atomic-openshift | <0:3.11.154-1.git.0.7a097ad.el7 | 0:3.11.154-1.git.0.7a097ad.el7 |
| redhat/atomic-openshift | <0:3.9.102-1.git.0.6411f52.el7 | 0:3.9.102-1.git.0.6411f52.el7 |
| redhat/openshift | <0:4.1.21-201910220952.git.0.493dbf6.el7 | 0:4.1.21-201910220952.git.0.493dbf6.el7 |
| Kubernetes | >=1.13.0, <1.13.11 | |
| Kubernetes | >=1.14.0, <1.14.7 | |
| Kubernetes | >=1.15.0, <1.15.4 | |
| Kubernetes | 1.1 to 1.12 | |
| go/k8s.io/kubernetes | >=1.15.3, <1.16.0 | 1.16.0 |
| go/k8s.io/kubernetes | >=1.14.6, <1.14.7 | 1.14.7 |
| go/k8s.io/kubernetes | >=1.13.10, <1.13.11 | 1.13.11 |
The vulnerability ID is CVE-2019-11251.
The severity of CVE-2019-11251 is medium, with a severity score of 5.7.
Versions 1.1-1.12 and versions prior to 1.13.11, 1.14.7, and 1.15.4 of Kubernetes are affected by CVE-2019-11251.
To fix CVE-2019-11251, update Kubernetes to version 1.16.0 or later, or to the patched releases 1.13.11, 1.14.7, or 1.15.4.
You can find more information about CVE-2019-11251 at the following references: [CVE.org](https://www.cve.org/CVERecord?id=CVE-2019-11251), [NVD](https://nvd.nist.gov/vuln/detail/CVE-2019-11251), [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=1753495), and [Red Hat Security Advisory](https://access.redhat.com/errata/RHSA-2019:3905).