CVE-2018-1002100

Sažetak

In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=1564305
https://github.com/kubernetes/kubernetes/issues/61297
https://hansmi.ch/articles/2018-04-openshift-s2i-security

CVSS

Base:	3.6
Impact:	4.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:N/I:P/A:P

Zadnje važnije ažuriranje

09-10-2019 - 23:32

Objavljeno

02-06-2018 - 01:29