An improper validation flaw exists in the kubernetes 'kubectl cp' command. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command.
Find out more about CVE-2018-1002100 from the MITRE CVE dictionary dictionary and NIST NVD.
Kubernetes support is moving from Red Hat Enterprise Linux to OpenShift Container Platform. Kubernetes and its dependencies will no longer be updated through the Extras channel. Instead, the Red Hat customers are advised to use Red Hat's supported Kubernetes-based products such as Red Hat OpenShift Container Platform.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 6.1 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N |
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Changed |
| Confidentiality | None |
| Integrity Impact | High |
| Availability Impact | None |
| Platform | Package | State |
|---|---|---|
| Red Hat OpenShift Enterprise 3 | kubernetes | Affected |
| Red Hat Enterprise Linux 7 | kubernetes | Will not fix |
Vulmon