CVE-2019-1002101
This vulnerability may allow an attacker to modify or monitor any file in a directory whose name matches the one in a symbolic link header while the kubectl cp command unpacks a tar archive, thereby causing damage.
Scope
The kubectl cp command copies files between containers and the user's machine. An attacker may plant a malicious tar archive containing a symbolic link header in an image or a running container. When the cp command unpacks that archive, the attacker can modify or monitor any file in the directory that has the same name as the symbolic link header, thereby causing damage.
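To make the unpacking risk concrete, the following added example (not kubectl's code and not the upstream fix) scans a tar stream before extraction and reports symlink headers that point outside the destination, as well as later entries that would be written through such a symlink. The names `escapes`, `unsafeEntries` and `sampleArchive` are hypothetical, and the archive contents are constructed for the demonstration.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path"
	"strings"
)

// escapes reports whether p is absolute or climbs above the destination root.
func escapes(p string) bool { return path.IsAbs(p) || strings.HasPrefix(path.Clean(p)+"/", "../") }

// unsafeEntries (added illustration, not kubectl code) lists tar entries that must not be unpacked as-is.
func unsafeEntries(r io.Reader) (bad []string, err error) {
	links := map[string]bool{} // symlink names declared earlier in the archive
	for tr := tar.NewReader(r); ; {
		h, err := tr.Next()
		if err == io.EOF {
			return bad, nil
		} else if err != nil {
			return bad, err
		}
		name := path.Clean(h.Name)
		if escapes(h.Name) {
			bad = append(bad, name+": name escapes destination")
		} else if h.Typeflag == tar.TypeSymlink && (path.IsAbs(h.Linkname) || escapes(path.Join(path.Dir(name), h.Linkname))) {
			bad = append(bad, name+": symlink target outside destination")
		}
		for d := name; d != "." && d != "/"; d = path.Dir(d) { // entry at or below an earlier symlink
			if links[d] {
				bad = append(bad, name+": written through symlink "+d)
			}
		}
		links[name] = links[name] || h.Typeflag == tar.TypeSymlink
	}
}

// sampleArchive builds a constructed archive: benign file, escaping symlink, file under that symlink.
func sampleArchive() io.Reader {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	tw.WriteHeader(&tar.Header{Name: "app/readme.txt", Typeflag: tar.TypeReg, Mode: 0644})
	tw.WriteHeader(&tar.Header{Name: "app/logs", Typeflag: tar.TypeSymlink, Linkname: "../../etc", Mode: 0777})
	tw.WriteHeader(&tar.Header{Name: "app/logs/hosts", Typeflag: tar.TypeReg, Mode: 0644})
	tw.Close()
	return &buf
}

func main() { fmt.Println(unsafeEntries(sampleArchive())) }
```

An extractor that rejects every archive for which this list is non-empty never creates the symlink and never follows it when writing a later entry.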
Fixed by Official
- v1.14.1
- v1.13.6
- v1.12.8
- v1.11.10
Fixed by KLTS
Last modified March 8, 2022: mv en to kuberentes/ (95aa90d4)