Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2019-11251

Published: 03/02/2020 Updated: 06/02/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.7 | Impact Score: 3.6 | Exploitability Score: 2.1
VMScore: 385
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Kubernetes

Vulnerability Summary

The Kubernetes kubectl cp command in versions 1.1-1.12, and versions before 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an malicious user to place a nefarious file using a symlink, outside of the destination tree.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

kubernetes kubernetes 1.1-1.12

kubernetes kubernetes

Vendor Advisories

Red Hat: Important: OpenShift Container Platform 3.11 atomic-openshift security update
Synopsis Important: OpenShift Container Platform 311 atomic-openshift security update Type/Severity Security Advisory: Important Topic An update for atomic-openshift is now available for Red Hat OpenShiftContainer Platform 311Red Hat Product Security has rated this update as having a security impact of I ...
Red Hat: Moderate: OpenShift Container Platform 4.1 openshift-enterprise-cli-container security update
Synopsis Moderate: OpenShift Container Platform 41 openshift-enterprise-cli-container security update Type/Severity Security Advisory: Moderate Topic An update for openshift-enterprise-cli-container is now available for Red Hat OpenShift Container Platform 41Red Hat Product Security has rated this update ...
Red Hat: Moderate: OpenShift Container Platform 4.1 openshift security update
Synopsis Moderate: OpenShift Container Platform 41 openshift security update Type/Severity Security Advisory: Moderate Topic An update for openshift is now available for Red Hat OpenShift Container Platform 41Red Hat Product Security has rated this update as having a security impact of Moderate A Common ...
Red Hat: Important: OpenShift Container Platform 3.9 atomic-openshift security update
Synopsis Important: OpenShift Container Platform 39 atomic-openshift security update Type/Severity Security Advisory: Important Topic An update for atomic-openshift is now available for Red Hat OpenShiftContainer Platform 39Red Hat Product Security has rated this update as having a security impact of Imp ...

References

CWE-59https://github.com/kubernetes/kubernetes/issues/87773https://groups.google.com/d/msg/kubernetes-announce/YYtEFdFimZ4/nZnOezZuBgAJhttps://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2019:3905
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook