CVSSv2: 4.3

CVE-2019-11246

Published: 29/08/2019 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 384
Vector (CVSS v2): AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

The kubectl cp command copies files between a container and the user's machine. To copy files out of a container, kubectl runs tar inside the container to create an archive of the requested path, streams that archive back through the API server, and unpacks it on the user's machine. The tar binary inside the container is under the container's control, so a malicious image, or an attacker who has compromised the container, can make it emit any entries it likes, such as names containing "../" or symlinks that point outside the destination directory. If kubectl unpacks the stream without confining every entry to the destination, the attacker can write files to any path on the user's machine that the local user has permission to write, whenever kubectl cp is run against that container. CVE-2019-11246 records that the first fix for this issue, CVE-2019-1002101, was incomplete. The flaw is in the kubectl client, not in the cluster, so the remediation is to upgrade the kubectl binary itself (check the version in use with kubectl version --client): kubectl versions before 1.12.9, before 1.13.6 and before 1.14.2 are affected, as are the older 1.1, 1.2, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10 and 1.11 release lines.
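The mechanism described above, as an added example that is not kubectl's own code: a Go program that builds, in memory, the kind of tar stream a hostile container-side tar could return, then unpacks it with the confinement checks a client-side untar needs. The entry names and contents, and the function names buildUntrustedTar, inside, place and extract, are all constructed for this example. The vulnerable pattern is this same code with the two inside checks removed, because filepath.Join collapses ".." silently and would turn "../../escape.txt" into a path above the destination. Refusing symlink entries outright is a policy choice made here for brevity, not a statement about how kubectl handles them.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// buildUntrustedTar constructs, in memory, the kind of stream a malicious tar inside a
// container could hand back to kubectl cp (entries made up for this example, not a real exploit).
func buildUntrustedTar() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	add := func(name string, typ byte, link, body string) {
		must(tw.WriteHeader(&tar.Header{Name: name, Typeflag: typ, Linkname: link, Mode: 0o644, Size: int64(len(body))}))
		_, err := tw.Write([]byte(body))
		must(err)
	}
	add("app/config.yaml", tar.TypeReg, "", "replicas: 1\n")
	add("../../escape.txt", tar.TypeReg, "", "outside dest\n")        // ".." traversal
	add("/etc/evil.conf", tar.TypeReg, "", "absolute name\n")         // absolute name
	add("app/link", tar.TypeSymlink, "../../..", "")                   // symlink above dest, then
	add("app/link/via-symlink.txt", tar.TypeReg, "", "via symlink\n") // a write through it
	must(tw.Close())
	return buf.Bytes()
}

// inside reports whether p (already cleaned) is dest itself or somewhere below it.
func inside(dest, p string) bool {
	rel, err := filepath.Rel(dest, p)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// place checks an entry and writes it: Join collapses ".." silently, so the joined path is compared
// against dest; the real parent is then resolved so a symlink already under dest cannot redirect the write.
func place(dest string, hdr *tar.Header, body io.Reader) error {
	target := filepath.Join(dest, hdr.Name)
	if strings.HasPrefix(hdr.Name, "/") || !inside(dest, target) {
		return fmt.Errorf("name %q escapes %s", hdr.Name, dest)
	}
	if err := os.MkdirAll(filepath.Dir(target), 0o755); err != nil {
		return err
	}
	if parent, err := filepath.EvalSymlinks(filepath.Dir(target)); err != nil || !inside(dest, parent) {
		return fmt.Errorf("parent of %q resolves outside %s", hdr.Name, dest)
	}
	if hdr.Typeflag != tar.TypeReg { // symlinks and everything else are refused in this example
		return fmt.Errorf("entry type %q refused", hdr.Typeflag)
	}
	data, err := io.ReadAll(body)
	if err != nil {
		return err
	}
	return os.WriteFile(target, data, os.FileMode(hdr.Mode)&0o777)
}

// extract unpacks r under dest (which must exist); refused entries are reported with the reason, not fatal.
func extract(r io.Reader, dest string) (written, rejected []string, err error) {
	if dest, err = filepath.EvalSymlinks(dest); err != nil {
		return nil, nil, err
	}
	tr := tar.NewReader(r)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return written, rejected, nil
		}
		if hdr == nil { // read error; a Go 1.20+ insecure-path error (if enabled) comes with hdr and is left to place
			return nil, nil, err
		}
		if err := place(dest, hdr, tr); err != nil {
			rejected = append(rejected, hdr.Name+": "+err.Error())
		} else {
			written = append(written, hdr.Name)
		}
	}
}

func main() {
	tmp, err := os.MkdirTemp("", "kubectl-cp-demo")
	must(err)
	defer os.RemoveAll(tmp)
	dest := filepath.Join(tmp, "work", "out") // "../../escape.txt" would land in tmp itself
	must(os.MkdirAll(dest, 0o755))
	written, rejected, err := extract(bytes.NewReader(buildUntrustedTar()), dest)
	must(err)
	fmt.Println("written:", written, "\nrejected:", rejected)
}
```

Run with go run: two entries are written under the destination and three are refused (the ".." name, the absolute name and the symlink), and the file that was meant to go through the symlink lands in an ordinary directory instead. The same checks apply to any tool that unpacks an archive produced by a party it does not trust, not only kubectl cp.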

Affected Products

kubernetes kubernetes
kubernetes kubernetes 1.12.11

Vendor Advisories

Important: OpenShift Container Platform 3.10 atomic-openshift security update (Red Hat Security Advisory; rated Important by Red Hat Product Security)
Important: OpenShift Container Platform 3.9 atomic-openshift security update (Red Hat Security Advisory; rated Important by Red Hat Product Security)
Moderate: Red Hat OpenShift Container Platform 3.11 atomic-openshift security update (Red Hat Security Advisory; rated Moderate by Red Hat Product Security)
Moderate: Red Hat OpenShift Container Platform 3.10 atomic-openshift security update (Red Hat Security Advisory; rated Moderate by Red Hat Product Security)
Moderate: OpenShift Container Platform 3.9 atomic-openshift security update (Red Hat Security Advisory; rated Moderate by Red Hat Product Security)

Mailing Lists

oss-sec mailing list: [ANNOUNCE] Incomplete fixes for CVE-2019-1002101, kubectl cp potential directory traversal - CVE-2019-11246

Github Repositories

Shortlist of preparation materials to pass the CKS exam

CKS Exam Preparation. Intro; useful courses; general security-related docs; curriculum topics. Cluster Setup (10%): use Network security policies to restrict cluster-level access; use the CIS benchmark to review the security configuration of Kubernetes components (etcd, kubelet, kubedns, kubeapi); properly set up Ingress objects with security controls; Protect

CKS. Sections marked with a (*) are in progress and only have links, not yet additional content. Cluster Setup (10%): use Network security policies to restrict cluster-level access. kubectl explain NetworkPolicy.spec. NetworkPolicies are applied to a namespace; the spec.podSelector defines criteria for the namespace. Default deny all ing