CVE-2019-1002101

Impact: Moderate
Public Date: 2019-03-28
CWE: CWE-59
Bugzilla: 1685213: CVE-2019-1002101 kubernetes: Mishandling of symlinks allows for arbitrary file write via `kubectl cp`
A flaw was found in Kubernetes via the mishandling of symlinks when copying files from a running container. An attacker could exploit this by convincing a user to use `kubectl cp` or `oc cp` with a malicious container, allowing for arbitrary files to be overwritten on the host machine.
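`kubectl cp` transfers the files as a tar stream produced inside the container, so the host side must validate every entry before writing it. As an added example (not Red Hat's or the Kubernetes project's code), the Python below shows such a check: each entry's destination, and for a symlink the path it points to, is resolved against the extraction root and rejected if it lands outside. The sample archive, its entry names and the `../../outside` link target are constructed for the demonstration.

```python
import io
import os
import tarfile
import tempfile

def build_sample_tar():
    """Constructed stream: a symlink escaping the root, then a file written through it."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        link = tarfile.TarInfo("app/escape")
        link.type, link.linkname = tarfile.SYMTYPE, "../../outside"
        tar.addfile(link)
        through = tarfile.TarInfo("app/escape/note.txt")   # naive extractors follow the link
        through.size = 5
        tar.addfile(through, io.BytesIO(b"hello"))
    return buf.getvalue()

def inside(root, path):
    """True if path, with all on-disk symlinks resolved, stays under root."""
    root, real = os.path.realpath(root), os.path.realpath(path)
    return real == root or real.startswith(root + os.sep)

def safe_extract(tar_bytes, dest):
    """Extract into dest, refusing any member that would land outside it; returns (extracted, rejected)."""
    extracted, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for m in tar:
            target = os.path.join(dest, m.name)
            # Symlinks: also check the target. realpath() resolves links already on disk, so writes routed through them are caught too.
            pointee = os.path.join(os.path.dirname(target), m.linkname) if m.issym() else target
            if not (m.issym() or m.isreg()) or not (
                    inside(dest, target) and inside(dest, pointee)):
                rejected.append(m.name)   # dirs, hard links, devices, escapes
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            if m.issym():
                os.symlink(m.linkname, target)
            else:
                with open(target, "wb") as f:
                    f.write(tar.extractfile(m).read())
            extracted.append(m.name)
    return extracted, rejected

def demo():
    """Extract the sample into a scratch dir; report results and any escape."""
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "dest")
        os.makedirs(dest)
        extracted, rejected = safe_extract(build_sample_tar(), dest)
        return extracted, rejected, os.path.exists(os.path.join(tmp, "outside"))
```

With the symlink refused, the file that was meant to be written through it is created as an ordinary file inside the extraction root and nothing appears above it.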

Find out more about CVE-2019-1002101 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue affects Kubernetes starting from version 1.9. OpenShift Container Platform (OCP) versions 3.9 and later are also affected.

This issue did not affect the version of Kubernetes (embedded in heketi) shipped with Red Hat Gluster Storage 3, as it does not contain the vulnerable code.

CVSS v3 metrics

CVSS3 Base Score: 5.3
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: High
Availability Impact: None

Red Hat Security Errata

Platform Errata Release Date
Red Hat OpenShift Container Platform 3.9 (atomic-openshift) RHBA-2019:0619 2019-04-09
Red Hat OpenShift Container Platform 3.11 (atomic-openshift) RHBA-2019:0636 2019-04-11
Red Hat OpenShift Container Platform 3.10 (atomic-openshift) RHBA-2019:0620 2019-04-09

Affected Packages State

Platform Package State
Red Hat OpenShift Container Platform 4.1 openshift Not affected
Red Hat OpenShift Container Platform 3.7 atomic-openshift Not affected
Red Hat OpenShift Container Platform 3.6 atomic-openshift Not affected
Red Hat OpenShift Container Platform 3.5 atomic-openshift Not affected
Red Hat OpenShift Container Platform 3.4 atomic-openshift Not affected
Red Hat Gluster Storage 3 heketi Not affected
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although they may not have been subject to full analysis.

Acknowledgements

Red Hat would like to thank Ariel Zelivansky (Twistlock) for reporting this issue.
