CVSS3: 4.2 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N
AI Score: 5.5 Medium
Confidence: High
EPSS: 0.0005 Low
Percentile: 17.3%
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.
[
  {
    "product": "Kubernetes",
    "vendor": "Kubernetes",
    "versions": [
      {
        "status": "affected",
        "version": "v1.5.x"
      },
      {
        "status": "affected",
        "version": "v1.6.x"
      },
      {
        "status": "affected",
        "version": "v1.7.x"
      },
      {
        "status": "affected",
        "version": "v1.8.x"
      },
      {
        "lessThan": "v1.9.6",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]