A flaw was found in Kubernetes via the mishandling of symlinks when copying files from a running container. An attacker could exploit this by convincing a user to use `kubectl cp` or `oc cp` with a malicious container, allowing for arbitrary files to be overwritten on the host machine.
A potential symlink escape vulnerability was found in Kubernetes after 1.9.0-alpha. A compromised container could potentially be used to achieve code execution.
Name: Ariel Zelivansky (Twistlock)
heketi-8.0.0 shipped with Gluster uses Kubernetes version v1.5.5 which is too old and the vulnerable code is not present which was introduced in v1.9.0-alpha.2.
This issue affects Kubernetes starting from version 1.9. OpenShift Container Platform (OCP) versions 3.9 and later are also affected.
This issue did not affect the version of Kubernetes(embedded in heketi) shipped with Red Hat Gluster Storage 3 as it does not contain the vulnerable code.
Created kubernetes tracking bugs for this issue:
Affects: fedora-all [bug 1693884]
Created kubernetes:1.1/kubernetes tracking bugs for this issue:
Affects: fedora-29 [bug 1693881]
Created kubernetes:openshift-3.10/origin tracking bugs for this issue:
Affects: fedora-29 [bug 1693882]
Created origin tracking bugs for this issue:
Affects: fedora-all [bug 1693885]