Veracode Vulnerability DatabaseVERACODE:13572Directory Traversal
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
github.com/kubernetes/kubernetes is vulnerable to directory traversal. A remote attacker is able to modify or delete files on a user’s workstation via the kubectl cp command due to the mishandling of symlinks in the untarAll function.
References
www.openwall.com/lists/oss-security/2019/06/21/1
www.openwall.com/lists/oss-security/2019/08/05/5
www.securityfocus.com/bid/107652
access.redhat.com/errata/RHBA-2019:0619
access.redhat.com/errata/RHBA-2019:0620
access.redhat.com/errata/RHBA-2019:0636
access.redhat.com/security/cve/cve-2019-1002101
github.com/kubernetes/kubernetes/pull/75037
lists.fedoraproject.org/archives/list/[email protected]/message/BPV2RE5RMOGUVP5WJMXKQJZUBBLAFZPZ/
lists.fedoraproject.org/archives/list/[email protected]/message/QZB7E3DOZ5WDG46XAIU6K32CXHXPXB2F/
www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P