7 matches found
EUVD-2021-0974
Malware in sbrugna...
SUSE CVE-2019-11251
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be...
GHSA-6QFG-8799-R575 Kubernetes kubectl cp Vulnerable to Symlink Attack
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be...
UBUNTU-CVE-2019-11251
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be...
kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be...
kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be...
PT-2019-5665 · Kubernetes +1 · Kubernetes +1
Name of the Vulnerable Software and Affected Versions: Kubernetes versions 1.1 through 1.12 Kubernetes versions prior to 1.13.11 Kubernetes versions prior to 1.14.7 Kubernetes versions prior to 1.15.4 Description: The issue is related to the Kubernetes kubectl cp command, which allows an attacker...