CVE-2019-11249

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.

CVSS v3 6.5 MEDIUM
CVSS v2.0 5.8 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:P

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://access.redhat.com/errata/RHBA-2019:2794	Third Party Advisory
https://access.redhat.com/errata/RHBA-2019:2816	Third Party Advisory
https://access.redhat.com/errata/RHBA-2019:2824	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3239	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3811	Third Party Advisory
https://github.com/kubernetes/kubernetes/issues/80984	Patch Third Party Advisory
https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ	Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20190919-0003/	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:kubernetes:kubernetes::::::::
	cpe:2.3:a:kubernetes:kubernetes::::::::
	cpe:2.3:a:kubernetes:kubernetes::::::::
	cpe:2.3:a:kubernetes:kubernetes::::::::
	cpe:2.3:a:kubernetes:kubernetes:1.12.11:beta0::::::

Configuration 2 (hide)

OR	cpe:2.3:a:redhat:openshift_container_platform:3.9:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:3.10:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.1:::::::*

History

No history.

Information

Published : 2019-08-29 01:15

Updated : 2023-12-10 12:59

NVD link : CVE-2019-11249

Mitre link : CVE-2019-11249

CVE.ORG link : CVE-2019-11249

JSON object : View

Products Affected

kubernetes

kubernetes

redhat

openshift_container_platform

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-61

UNIX Symbolic Link (Symlink) Following

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.8 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2019-11249

6.5^/10

5.8^/10

Attach tags to `CVE-2019-11249`