CVE-2019-11251
EUVD-2021-097403.02.2020, 16:15
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| kubernetes | kubernetes | 1.13.0 ≤ 𝑥 < 1.13.11 |
| kubernetes | kubernetes | 1.14.0 ≤ 𝑥 < 1.14.7 |
| kubernetes | kubernetes | 1.15.0 ≤ 𝑥 < 1.15.4 |
| kubernetes | kubernetes | 1.1-1.12 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
- CWE-61 - UNIX Symbolic Link (Symlink) FollowingThe software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.