Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-11251

Опубликовано: 03 фев. 2020
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3
CVSS3: 4.8

Описание

The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.

РелизСтатусПримечание
bionic

DNE

devel

DNE

disco

ignored

end of life
eoan

ignored

end of life
esm-apps/focal

not-affected

code not present
esm-apps/jammy

not-affected

code not present
esm-apps/noble

not-affected

code not present
esm-infra-legacy/trusty

DNE

focal

ignored

end of standard support, was needs-triage
groovy

ignored

end of life

Показывать по

Ссылки на источники

EPSS

Процентиль: 83%
0.0195
Низкий

4.3 Medium

CVSS2

4.8 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-11251

CVSS3: 5.3
redhat
около 6 лет назад

The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.

nvd логотип

CVE-2019-11251

CVSS3: 4.8
nvd
почти 6 лет назад

The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.

debian логотип

CVE-2019-11251

CVSS3: 4.8
debian
почти 6 лет назад

The Kubernetes kubectl cp command in versions 1.1-1.12, and versions p ...

github логотип

GHSA-6qfg-8799-r575

CVSS3: 5.7
github
больше 4 лет назад

Kubernetes kubectl cp Vulnerable to Symlink Attack

fstec логотип

BDU:2020-04880

CVSS3: 5.7
fstec
около 6 лет назад

Уязвимость команды kubectl cp программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю загрузить вредоносный файл

EPSS

Процентиль: 83%
0.0195
Низкий

4.3 Medium

CVSS2

4.8 Medium

CVSS3