CVE-2019-11251

Summary

The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.

Affected Software

VendorProductVersion RangeStatus
KubernetesKubernetesprior to 1.13.11affected
KubernetesKubernetesprior to 1.14.7affected
KubernetesKubernetesprior to 1.15.4affected
KubernetesKubernetes1.1affected
KubernetesKubernetes1.2affected
KubernetesKubernetes1.3affected
KubernetesKubernetes1.4affected
KubernetesKubernetes1.5affected
KubernetesKubernetes1.6affected
KubernetesKubernetes1.7affected
KubernetesKubernetes1.8affected
KubernetesKubernetes1.9affected
KubernetesKubernetes1.10affected
KubernetesKubernetes1.11affected
KubernetesKubernetes1.12affected

Weaknesses

  • CWE-61: CWE-61: UNIX Symbolic Link (Symlink) Following

ADP Enrichment

CVE Program Container

Additional References

References