Dec 20, 2019 - 9:41 p.m.

Security Bulletin: Vulnerabilities in Kubernetes affects IBM Watson Studio Local

2019-12-20 21:41:14
www.ibm.com

EPSS: 0.003

Percentile: 66.4%

Summary

Vulnerabilities in Kubernetes affect IBM Watson Studio Local.

Vulnerability Details

**CVEID:** CVE-2019-11249
**DESCRIPTION:** The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user's machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user's machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/164768 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
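
The description above comes down to a client unpacking a tar stream it cannot trust. As an added example (not code from IBM's bulletin or from the Kubernetes project), this Python check lists archive entries whose path or link target resolves outside the destination directory, so they can be rejected before anything is written. The destination path, function names and sample archive are constructed assumptions.

```python
import io
import posixpath
import tarfile


def _escapes(dest, path):
    """True if path, joined onto dest and normalised, lands outside dest."""
    full = posixpath.normpath(posixpath.join(dest, path))
    return full != dest and not full.startswith(dest + "/")


def unsafe_members(tar_bytes, dest="/home/user/out"):
    """Return (name, reason) for each entry that could write outside dest."""
    dest = posixpath.normpath(dest)  # dest is an assumed example directory
    findings, links = [], set()
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tf:
        for m in tf:
            name = posixpath.normpath(m.name)
            if _escapes(dest, m.name):  # absolute path or ../ traversal
                findings.append((m.name, "path escapes destination"))
            elif any(name == ln or name.startswith(ln + "/") for ln in links):
                # Conservative: refuse to write through any link the archive created.
                findings.append((m.name, "path passes through archive link"))
            elif m.issym() or m.islnk():
                # Symlinks resolve from their own directory, hard links from the root.
                base = posixpath.dirname(name) if m.issym() else ""
                if _escapes(dest, posixpath.join(base, m.linkname)):
                    findings.append((m.name, "link target escapes destination"))
                links.add(name)
    return findings


def build_sample():
    """Constructed archive standing in for the tar stream sent by a container."""
    buf = io.BytesIO()
    entries = [("report.txt", None), ("../../outside.txt", None),
               ("logs", "/srv/elsewhere"), ("logs/app/job.txt", None),
               ("docs/latest", "readme")]
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, link in entries:
            ti = tarfile.TarInfo(name)
            if link:
                ti.type, ti.linkname = tarfile.SYMTYPE, link
                tf.addfile(ti)
            else:
                ti.size = 1
                tf.addfile(ti, io.BytesIO(b"x"))
    return buf.getvalue()
```

An empty result from `unsafe_members` means every entry stays under the destination; any finding is a reason to discard the whole archive rather than extract part of it.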

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Watson Studio - Local | 1.2.3 |

Remediation/Fixes

| Product | VRMF | Remediation/First Fix |
| --- | --- | --- |
| IBM Watson Studio Local | 2.1 | <https://www.ibm.com/software/passportadvantage/pao_customer.html> |
| IBM Cloud Pak for Data | 2.5 | <https://www.ibm.com/software/passportadvantage/pao_customer.html> |

Workarounds and Mitigations

None
