CVE-2019-11249

🗓️ 29 Aug 2019 00:26:18Reported by kubernetesType

The kubectl cp command in Kubernetes prior to 1.13.9, 1.14.5, 1.15.2 allows copying files between containers and the user machine, leading to potential arbitrary code execution

Reporter	Title	Published	Views	Family All 54
IBM Security Bulletins	Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Kubernetes (CVE-2019-11247, CVE-2019-11249)	23 Nov 201916:28	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in Kubernetes shipped with PowerAI Vision	8 Jan 202004:39	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Kubernetes affect IBM InfoSphere Information Server	1 Apr 202121:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM® Db2® On Openshift and IBM® Db2® and Db2 Warehouse® on Cloud Pak for Data	29 Jun 202217:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM API Connect is impacted by vulnerabilities in Kubernetes (CVE-2019-11249, CVE-2019-11247)	2 Jan 202016:47	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Kubernetes affects IBM Watson Studio Local	20 Dec 201921:41	–	ibm
ATTACKERKB	kubectl cp path traversal	1 Apr 201900:00	–	attackerkb
AlpineLinux	CVE-2019-11249	29 Aug 201900:26	–	alpinelinux
Circl	CVE-2019-11249	1 Dec 202520:45	–	circl
CNVD	kubectl path traversal vulnerability (CNVD-2019-26372)	7 Aug 201900:00	–	cnvd

NVD

Node

kubernetes kubernetesRange1.0.0–1.12.10

kubernetes kubernetesRange1.13.0–1.13.9

kubernetes kubernetesRange1.14.0–1.14.5

kubernetes kubernetesRange1.15.0–1.15.2

kubernetes kubernetesMatch1.12.11beta0

Node

redhat openshift_container_platformMatch3.9

redhat openshift_container_platformMatch3.10

redhat openshift_container_platformMatch3.11

redhat openshift_container_platformMatch4.1

[
  {
    "product": "Kubernetes",
    "vendor": "Kubernetes",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 1.13.9"
      },
      {
        "status": "affected",
        "version": "prior to 1.14.5"
      },
      {
        "status": "affected",
        "version": "prior to 1.15.2"
      },
      {
        "status": "affected",
        "version": "1.1"
      },
      {
        "status": "affected",
        "version": "1.2"
      },
      {
        "status": "affected",
        "version": "1.4"
      },
      {
        "status": "affected",
        "version": "1.5"
      },
      {
        "status": "affected",
        "version": "1.6"
      },
      {
        "status": "affected",
        "version": "1.7"
      },
      {
        "status": "affected",
        "version": "1.8"
      },
      {
        "status": "affected",
        "version": "1.9"
      },
      {
        "status": "affected",
        "version": "1.10"
      },
      {
        "status": "affected",
        "version": "1.11"
      },
      {
        "status": "affected",
        "version": "1.12"
      }
    ]
  }
]

Source	Link
github	www.github.com/kubernetes/kubernetes/issues/80984
access	www.access.redhat.com/errata/RHBA-2019:2824
security	www.security.netapp.com/advisory/ntap-20190919-0003/
groups	www.groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ
access	www.access.redhat.com/errata/RHSA-2019:3239
access	www.access.redhat.com/errata/RHSA-2019:3811
access	www.access.redhat.com/errata/RHBA-2019:2816
access	www.access.redhat.com/errata/RHBA-2019:2794

21 Nov 2024 04:20Current

6.3Medium risk

Vulners AI Score6.3

CVSS 25.8

CVSS 3.16.5

CVSS 34.8

EPSS0.02846

cve-2019-11249 kubectl cp kubernetes container file copy security vulnerability nvd