Moderate severity · NVD Advisory · Published Jun 1, 2018 · Updated Sep 16, 2024
CVE-2018-1002100
Description
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| k8s.io/kubernetes (Go) | >= 1.5.0-alpha.0, < 1.9.6 | 1.9.6 |
Affected products
- Range: v1.5.x
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-2jq6-ffph-p4h8 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-1002100 (ghsa, ADVISORY)
- bugzilla.redhat.com/show_bug.cgi (ghsa, x_refsource_CONFIRM, WEB)
- github.com/kubernetes/kubernetes/issues/61297 (ghsa, x_refsource_CONFIRM, WEB)
- hansmi.ch/articles/2018-04-openshift-s2i-security (ghsa, x_refsource_MISC, WEB)