vulnerability
Oracle Linux: (CVE-2019-11251) ELSA-2019-4816: kubernetes security update
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | 2019-10-09 | 2019-10-10 | 2024-08-06 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
2019-10-09
Added
2019-10-10
Modified
2024-08-06
Description
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.
Solution(s)
oracle-linux-upgrade-kubeadmoracle-linux-upgrade-kubeadm-ha-setuporacle-linux-upgrade-kubeadm-upgradeoracle-linux-upgrade-kubectloracle-linux-upgrade-kubeletoracle-linux-upgrade-kubernetes
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.