Back to bug 1564305
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Jason Shepherd | 2018-04-06 00:10:44 UTC | Depends On | 1564307 | |
| Jason Shepherd | 2018-04-06 00:31:02 UTC | Doc Text | An improper validation flaw exists in the kubernetes 'kubectl cp' command. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command. | |
| Whiteboard | impact=moderate,reported=20180317,source=researcher,cwe=CWE-20,rhel-7/kubernetes=affected,fedora-all/kubernetes=affected | impact=moderate,reported=20180317,source=researcher,cvss3=6.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N,cwe=CWE-20,rhel-7/kubernetes=affected,fedora-all/kubernetes=affected | ||
| Jason Shepherd | 2018-04-06 00:31:25 UTC | Whiteboard | impact=moderate,reported=20180317,source=researcher,cvss3=6.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N,cwe=CWE-20,rhel-7/kubernetes=affected,fedora-all/kubernetes=affected | impact=moderate,public=20180317,reported=20180317,source=researcher,cvss3=6.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N,cwe=CWE-20,rhel-7/kubernetes=affected,fedora-all/kubernetes=affected |
| Jason Shepherd | 2018-04-06 01:23:17 UTC | Depends On | 1564337 | |
| Cedric Buissart | 2018-04-11 14:08:27 UTC | CC | jshepherd | |
| Flags | needinfo?(jshepherd) | |||
| Cedric Buissart | 2018-04-12 07:51:51 UTC | Whiteboard | impact=moderate,public=20180317,reported=20180317,source=researcher,cvss3=6.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N,cwe=CWE-20,rhel-7/kubernetes=affected,fedora-all/kubernetes=affected | impact=moderate,public=20180317,reported=20180317,source=researcher,cvss3=6.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N,cwe=CWE-20,rhel-7/kubernetes=wontfix,fedora-all/kubernetes=affected |
| Kurt Seifried | 2018-04-13 13:49:40 UTC | CC | ahardin, bleanhar, ccoleman, dedgar, dmcphers, jgoulding, jokerman, kseifried, mchappel | |
| Whiteboard | impact=moderate,public=20180317,reported=20180317,source=researcher,cvss3=6.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N,cwe=CWE-20,rhel-7/kubernetes=wontfix,fedora-all/kubernetes=affected | impact=moderate,public=20180317,reported=20180317,source=researcher,cvss3=6.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N,cwe=CWE-20,rhel-7/kubernetes=wontfix,fedora-all/kubernetes=affected,openshift-enterprise-3/kubernetes=affected,openshift-1/kubernetes=affected | ||
| Kurt Seifried | 2018-04-13 14:52:16 UTC | Depends On | 1567207 | |
| Kurt Seifried | 2018-04-13 14:53:06 UTC | Depends On | 1567208 | |
| Kurt Seifried | 2018-04-13 17:06:36 UTC | Summary | kubernetes: Kubectl copy doesn't check for paths outside of it's destination directory | CVE-2018-1002100 kubernetes: Kubectl copy doesn't check for paths outside of it's destination directory |
| Alias | CVE-2018-1002100 | |||
| Kurt Seifried | 2018-04-16 19:52:27 UTC | CC | jliggitt | |
| Kurt Seifried | 2018-04-19 18:13:32 UTC | Blocks | 1569667 | |
| Kurt Seifried | 2018-04-19 18:15:08 UTC | Blocks | 1562249 | |
| Kurt Seifried | 2018-04-22 23:36:15 UTC | Flags | needinfo?(jshepherd) | |
| Xingxing Xia | 2018-05-02 15:50:52 UTC | CC | xxia | |
| Kurt Seifried | 2018-05-11 15:57:04 UTC | CC | dmcphers | abhgupta, dbaker, sthangav, trankin |
| Whiteboard | impact=moderate,public=20180317,reported=20180317,source=researcher,cvss3=6.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N,cwe=CWE-20,rhel-7/kubernetes=wontfix,fedora-all/kubernetes=affected,openshift-enterprise-3/kubernetes=affected,openshift-1/kubernetes=affected | impact=moderate,public=20180317,reported=20180317,source=researcher,cvss3=6.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N,cwe=CWE-20,rhel-7/kubernetes=wontfix,fedora-all/kubernetes=affected,openshift-enterprise-3/kubernetes=affected,openshift-online-3/kubernetes=affected | ||
| Kurt Seifried | 2018-05-11 15:57:27 UTC | Depends On | 1577293, 1577292 | |
| DeShuai Ma | 2018-05-14 03:12:50 UTC | CC | dma | |
| PnT Account Manager | 2018-06-29 22:36:21 UTC | CC | kseifried | |
| PnT Account Manager | 2018-08-31 21:40:35 UTC | CC | jliggitt | |
| PnT Account Manager | 2018-10-27 21:43:12 UTC | CC | dma | |
| Dhananjay Arunesh | 2019-05-20 05:40:59 UTC | Fixed In Version | Kubernetes 1.9.6 | |
| Dominik Mierzejewski | 2019-06-28 15:03:36 UTC | CC | dominik.mierzejewski | |
| Eric Christensen | 2019-07-02 15:06:07 UTC | Doc Text | An improper validation flaw exists in the kubernetes 'kubectl cp' command. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command. | An improper validation flaw exists in the kubernetes 'kubectl cp' command. An attacker, who could trick a user into using the command to copy files locally from a pod, could override files outside of the target directory of the command. |
| Zhigang Wang | 2019-09-19 17:27:10 UTC | CC | zhigwang | |
| Sam Fowler | 2019-09-20 05:20:27 UTC | CC | nstielau | |
| Product Security DevOps Team | 2019-09-29 14:35:58 UTC | Whiteboard | impact=moderate,public=20180317,reported=20180317,source=researcher,cvss3=6.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N,cwe=CWE-20,rhel-7/kubernetes=wontfix,fedora-all/kubernetes=affected,openshift-enterprise-3/kubernetes=affected,openshift-online-3/kubernetes=affected | |
| Sam Fowler | 2020-03-18 01:40:47 UTC | CC | bmontgom, jburrell, sponnaga | |
| PnT Account Manager | 2020-05-04 21:54:18 UTC | CC | vbatts | |
| PnT Account Manager | 2020-08-11 22:18:03 UTC | CC | nhorman | |
| Joshua Padman | 2021-10-21 19:59:26 UTC | Resolution | --- | ERRATA |
| Status | NEW | CLOSED | ||
| Last Closed | 2021-10-21 19:59:26 UTC |
Back to bug 1564305