Medium severity 4.2 · NVD Advisory · Published Jun 2, 2018 · Updated Jun 17, 2026
CVE-2018-1002100
Description
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| k8s.io/kubernetes (Go) | >= 1.5.0-alpha.0, < 1.9.6 | 1.9.6 |
Affected products
- ghsa-coords (2 versions)
- (no CPE) range: >= 1.5.0-alpha.0, < 1.9.6
- (no CPE) range: < 0.0.20250807T150727-1.1
- Range: v1.5.x
References
- bugzilla.redhat.com/show_bug.cgi (nvd; Issue Tracking, Third Party Advisory; WEB)
- github.com/advisories/GHSA-2jq6-ffph-p4h8 (ghsa; ADVISORY)
- github.com/kubernetes/kubernetes/issues/61297 (nvd; Third Party Advisory; WEB)
- hansmi.ch/articles/2018-04-openshift-s2i-security (nvd; Third Party Advisory; WEB)
- nvd.nist.gov/vuln/detail/CVE-2018-1002100 (ghsa; ADVISORY)