CVSS3: 5.7 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N

github.com/kubernetes/kubernetes is vulnerable to arbitrary file write. The kubectl cp command does not safely process symlinks during unpacking, which would allow an attacker to unpack files outside of the destination directory.
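
The class of check the description calls for, as an added Go example (not kubectl's code and not the fix in the commit referenced below): it audits tar headers before anything is unpacked and lists entries that would leave the destination through a symlink or a ".." path. The names auditTar and sampleArchive and the archive contents are constructed for illustration; it assumes Go 1.20+ for filepath.IsLocal and checks paths lexically, relative to the destination directory.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path/filepath"
)

// auditTar reads headers only and returns the entries an unpacker must refuse.
func auditTar(r io.Reader) ([]string, error) {
	links := map[string]bool{} // entry paths the archive declared as symlinks
	var refused []string
	for tr := tar.NewReader(r); ; {
		h, err := tr.Next()
		if err == io.EOF {
			return refused, nil
		} else if err != nil {
			return refused, err
		}
		name := filepath.Clean(h.Name)
		bad := !filepath.IsLocal(name) // absolute, or climbs out with ".."
		// A parent that was declared as a symlink would redirect this write.
		for p := filepath.Dir(name); !bad && p != "."; p = filepath.Dir(p) {
			bad = links[p]
		}
		if h.Typeflag == tar.TypeSymlink {
			links[name] = true
			// Relative link targets resolve from the link's own directory.
			target := filepath.Join(filepath.Dir(name), h.Linkname)
			bad = bad || filepath.IsAbs(h.Linkname) || !filepath.IsLocal(target)
		}
		if bad {
			refused = append(refused, h.Name)
		}
	}
}

// sampleArchive: constructed headers (file, symlink leaving the root, file under it).
func sampleArchive() io.Reader {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	tw.WriteHeader(&tar.Header{Name: "app/config.yaml", Typeflag: tar.TypeReg})
	tw.WriteHeader(&tar.Header{Name: "app/logs", Typeflag: tar.TypeSymlink, Linkname: "../../outside"})
	tw.WriteHeader(&tar.Header{Name: "app/logs/out.txt", Typeflag: tar.TypeReg})
	tw.Close()
	return &buf
}

func main() { fmt.Println(auditTar(sampleArchive())) }
```

Entries under an in-archive symlink are refused even when the link target stays inside the destination, which is deliberately conservative.
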
bugzilla.suse.com/show_bug.cgi?id=1151300
github.com/kubernetes/kubernetes/commit/541da77d96a91734c2c068a09c6509d519898837
github.com/kubernetes/kubernetes/issues/87773
github.com/kubernetes/kubernetes/pull/82143
github.com/kubernetes/kubernetes/pull/82384
github.com/kubernetes/kubernetes/pull/82502
github.com/kubernetes/kubernetes/pull/82503
groups.google.com/d/msg/kubernetes-announce/YYtEFdFimZ4/nZnOezZuBgAJ