| Summary: | CVE-2019-1002101 kubernetes: Mishandling of symlinks allows for arbitrary file write via `kubectl cp` | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | abhgupta, admiller, ahardin, bjarvis, bleanhar, ccoleman, dbaker, dedgar, dominik.mierzejewski, eparis, go-sig, hchiramm, ichavero, jbrooks, jcajka, jchaloup, jgoulding, jmulligan, jokerman, kramdoss, madam, mchappel, nhorman, rhs-bugs, sankarshan, security-response-team, sisharma, sponnaga, sthangav, storage-qa-internal, strigazi, syangsao, tdawson, trankin, tstclair, vbatts, vbellur |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | impact=moderate,public=20190328,reported=20190304,source=researcher,cvss3=5.3/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N,cwe=CWE-59,fedora-29/kubernetes:1.1/kubernetes=affected,fedora-29/kubernetes:openshift-3.10/origin=affected,fedora-all/kubernetes=affected,fedora-all/origin=affected,openshift-enterprise-3.4/atomic-openshift=notaffected,openshift-enterprise-3.5/atomic-openshift=notaffected,openshift-enterprise-3.6/atomic-openshift=notaffected,openshift-enterprise-3.7/atomic-openshift=notaffected,openshift-enterprise-3.9/atomic-openshift=affected,openshift-enterprise-4.1/openshift=notaffected,openshift-enterprise-3.10/atomic-openshift=affected,openshift-enterprise-3.11/atomic-openshift=affected,openshift-online-3/atomic-openshift=defer,rhes-3/heketi=notaffected | ||
| Fixed In Version: | kubernetes 1.11.9, kubernetes 1.12.7, kubernetes 1.13.5, kubernetes 1.14.0 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in Kubernetes via the mishandling of symlinks when copying files from a running container. An attacker could exploit this by convincing a user to use `kubectl cp` or `oc cp` with a malicious container, allowing for arbitrary files to be overwritten on the host machine.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | ||
| Bug Depends On: | 1693881, 1693882, 1693885, 1686294, 1686295, 1687658, 1687659, 1693315, 1693318, 1693320, 1693884 | ||
| Bug Blocks: | 1685214 | ||
|
Description
Andrej Nemec
2019-03-04 16:51:27 UTC
Acknowledgments: Name: Ariel Zelivansky (Twistlock) heketi-8.0.0 shipped with Gluster uses Kubernetes version v1.5.5 which is too old and the vulnerable code is not present which was introduced in v1.9.0-alpha.2. Statement: This issue affects Kubernetes starting from version 1.9. OpenShift Container Platform (OCP) versions 3.9 and later are also affected. This issue did not affect the version of Kubernetes(embedded in heketi) shipped with Red Hat Gluster Storage 3 as it does not contain the vulnerable code. Upstream Patch: https://github.com/kubernetes/kubernetes/pull/75037 External References: https://discuss.kubernetes.io/t/announce-security-release-of-kubernetes-kubectl-potential-directory-traversal-releases-1-11-9-1-12-7-1-13-5-and-1-14-0-cve-2019-1002101/5712 Created kubernetes tracking bugs for this issue: Affects: fedora-all [bug 1693884] Created kubernetes:1.1/kubernetes tracking bugs for this issue: Affects: fedora-29 [bug 1693881] Created kubernetes:openshift-3.10/origin tracking bugs for this issue: Affects: fedora-29 [bug 1693882] Created origin tracking bugs for this issue: Affects: fedora-all [bug 1693885] |