20 matches found
RHCOS 3 : OpenShift Container Platform 3.10 atomic-openshift (RHSA-2019:3239)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3239 advisory. - kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal CVE-2019-11249 -...
Oracle Linux 7 : kubernetes / kubeadm-upgrade / kubeadm-ha-setup (ELSA-2019-4593)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4593 advisory. - OLCNE-235 CVE-2019-9946 portmap inserts rules at the front of the iptables nat chains -- CVE-2019-9946 -- CVE-2019-1002101 -- CVE-2019-1002100...
fountain.org.tw Improper Access Control vulnerability OBB-2559060
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Security Bulletin: InfoSphere Information Server is affected by multiple vulnerabilities in Kubernetes
Summary Multiple vulnerabilities in Kubernetes were addressed by IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2019-9514 DESCRIPTION: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of strea...
es.gearbest.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1156608 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
dom-termo.ru Cross Site Scripting vulnerability
Security Researcher geeknik Helped patch 8594 vulnerabilities Received 8 Coordinated Disclosure badges Received 20 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting dom-termo.ru website and its users. Following coordinated...
RHEL 7 : OpenShift Container Platform 3.10 atomic-openshift (RHSA-2019:3239)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3239 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
Important: Red Hat Security Advisory: OpenShift Container Platform 3.10 atomic-openshift security update
An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Security Bulletin: IBM Cloud Private for Data is affected multiple security vulnerabilities in IBM Cloud Private Kubernetes
Summary IBM Cloud Private for Data is affected by multiple security vulnerabilites in Kubernetes which in some cases can allow unauthorized access to the Kubernetes API Server and/or trusted user privilege escalation. Vulnerability Details CVEID: CVE-2019-9946 DESCRIPTION: Kubernetes could provid...
Kubernetes 1.11.x < 1.11.9 / 1.12.x < 1.12.7 / 1.13.x < 1.13.5 kubectl directory traversal
The version of Kubernetes installed on the remote host is version 1.11.x prior to 1.11.9, 1.12.x prior to 1.12.7 or 1.13.x prior to 1.13.5. It is, therefore, affected by a directory traversal vulnerability in the kubectl cp command due to mishandling of symlinks when copying files from a running...
Fedora Update for kubernetes FEDORA-2019-2b8ef08c95
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 30 : kubernetes (2019-2b8ef08c95)
Update to v1.15.2 + carry upstream 81330 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable...
Directory Traversal
github.com/kubernetes/kubernetes is vulnerable to directory traversal. The vulnerability exists as a malicious container can replace or create files on a user's workstation. The vulnerability is due to incomplete fixes of CVE-2019-1002101 and CVE-2019-11246...
kubernetes: Incomplete fix for CVE-2019-1002101 allows for arbitrary file write via `kubectl cp`
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is...
Security Bulletin: API Connect V2018 is impacted by a directory traversal vulnerability in Kubernetes (CVE-2019-1002101)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-1002101 DESCRIPTION: Kubernetes could allow a remote attacker to traverse directories on the system, caused by the improper handling of symlinks. By persuading a victim to use the kubectl cp...
kubernetes security update
1.10.5-2.5.4 - OLCNE-235 CVE-2019-9946 portmap inserts rules at the front of the iptables nat chains 1.10.5-2.4.4 - CVE-2019-1002101 kubectl fix potential directory traversal 1.10.5-2.3.4 - CVE-2019-1002100 Limit the number of operations in a single json patch to be 10,000 - Fixup kubeadm-setup.s...
kubernetes security update
1.11.3-2.5.2 - OLCNE-235 CVE-2019-9946 portmap inserts rules at the front of the iptables nat chains 1.11.3-2.4.2 - CVE-2019-1002101 kubectl fix potential directory traversal 1.11.3-2.3.2 - CVE-2019-1002100 Limit the number of operations in a single json patch to be 10,000...
kubernetes security update
1.9.11-2.5.1 - OLCNE-235 CVE-2019-9946 portmap inserts rules at the front of the iptables nat chains 1.9.11-2.4.1 - CVE-2019-1002101 kubectl fix potential directory traversal 1.9.11-2.3.1 - CVE-2019-1002100 Limit the number of operations in a single json patch to be 10,000 - Fixup kubeadm-setup.s...
CVE-2019-1002101
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could r...
CVE-2019-1002101
Summary (CVE-2019-1002101): The kubectl cp path traversal vulnerability arises when copying files from a container to the user machine. Kubernetes creates a tar inside the container, which is streamed and unpacked on the user side; if the container’s tar binary is malicious, it can run code and c...