Количество 7
Количество 7
GHSA-6qfg-8799-r575
Kubernetes kubectl cp Vulnerable to Symlink Attack
CVE-2019-11251
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.
CVE-2019-11251
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.
CVE-2019-11251
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.
CVE-2019-11251
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions p ...
BDU:2020-04880
Уязвимость команды kubectl cp программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю загрузить вредоносный файл
ELSA-2019-4816
ELSA-2019-4816: kubernetes security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-6qfg-8799-r575 Kubernetes kubectl cp Vulnerable to Symlink Attack | CVSS3: 5.7 | 2% Низкий | около 4 лет назад |
 | CVE-2019-11251 The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree. | CVSS3: 4.8 | 2% Низкий | больше 5 лет назад |
 | CVE-2019-11251 The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree. | CVSS3: 5.3 | 2% Низкий | почти 6 лет назад |
 | CVE-2019-11251 The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree. | CVSS3: 4.8 | 2% Низкий | больше 5 лет назад |
| CVE-2019-11251 The Kubernetes kubectl cp command in versions 1.1-1.12, and versions p ... | CVSS3: 4.8 | 2% Низкий | больше 5 лет назад |
 | BDU:2020-04880 Уязвимость команды kubectl cp программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю загрузить вредоносный файл | CVSS3: 5.7 | 2% Низкий | почти 6 лет назад |
| ELSA-2019-4816 ELSA-2019-4816: kubernetes security update (IMPORTANT) | больше 5 лет назад |
Уязвимостей на страницу