CVE-2018-1002100 – k8s.io/kubernetes
Package
Manager: go
Name: k8s.io/kubernetes
Vulnerable Version: >=1.5 <1.9.6
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00639 (percentile: 0.6963)
Details
Kubernetes arbitrary file overwrite
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.
Metadata
Created: 2022-05-13T01:35:04Z
Modified: 2023-07-21T21:50:42Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2jq6-ffph-p4h8/GHSA-2jq6-ffph-p4h8.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-2jq6-ffph-p4h8
Finding: F184
Auto approve: 1