{"containers": {"cna": {"affected": [{"product": "Kubernetes", "vendor": "Kubernetes", "versions": [{"status": "affected", "version": "v1.5.x"}, {"status": "affected", "version": "v1.6.x"}, {"status": "affected", "version": "v1.7.x"}, {"status": "affected", "version": "v1.8.x"}, {"lessThan": "v1.9.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Reported by Michael Hanselmann"}], "dateAssigned": "2018-04-13T00:00:00", "descriptions": [{"lang": "en", "value": "In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "directory traversal vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-01T21:00:00Z", "orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kubernetes/kubernetes/issues/61297"}, {"tags": ["x_refsource_MISC"], "url": "https://hansmi.ch/articles/2018-04-openshift-s2i-security"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564305"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "jordan@liggitt.net", "DATE_ASSIGNED": "2018-04-13", "ID": "CVE-2018-1002100", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Kubernetes", "version": {"version_data": [{"version_affected": "=", "version_value": "v1.5.x"}, {"version_affected": "=", "version_value": "v1.6.x"}, {"version_affected": "=", "version_value": "v1.7.x"}, {"version_affected": "=", "version_value": "v1.8.x"}, {"version_affected": "<", "version_value": "v1.9.6"}]}}]}, "vendor_name": "Kubernetes"}]}}, "credit": ["Reported by Michael Hanselmann"], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "directory traversal vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://github.com/kubernetes/kubernetes/issues/61297", "refsource": "CONFIRM", "url": "https://github.com/kubernetes/kubernetes/issues/61297"}, {"name": "https://hansmi.ch/articles/2018-04-openshift-s2i-security", "refsource": "MISC", "url": "https://hansmi.ch/articles/2018-04-openshift-s2i-security"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1564305", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564305"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:47:57.520Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/kubernetes/kubernetes/issues/61297"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hansmi.ch/articles/2018-04-openshift-s2i-security"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564305"}]}]}, "cveMetadata": {"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "assignerShortName": "kubernetes", "cveId": "CVE-2018-1002100", "datePublished": "2018-06-01T21:00:00Z", "dateReserved": "2018-06-01T00:00:00Z", "dateUpdated": "2024-09-16T16:17:37.665Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "D09DA9DD-99CC-48B5-B815-416A38E683E3", "versionEndIncluding": "1.5.9", "versionStartIncluding": "1.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "A9965DAB-0F22-489E-BC47-078B728CA68D", "versionEndIncluding": "1.6.14", "versionStartIncluding": "1.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B2B878A-080A-4F6F-8084-547E753715FE", "versionEndIncluding": "1.7.17", "versionStartIncluding": "1.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "B425895F-FB77-4688-8B97-FA0765CD251D", "versionEndIncluding": "1.8.15", "versionStartIncluding": "1.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8849BC1-DCAC-49D6-815B-2E25AB10A2D8", "versionEndIncluding": "1.9.5", "versionStartIncluding": "1.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files."}, {"lang": "es", "value": "En las versiones 1.5.x, 1.6.x, 1.7.x, 1.8.x y anteriores a la versi\u00f3n 1.9.6 de Kubernetes, el comando kubectl cp gestiona de forma insegura los datos tar devueltos del contenedor, lo que puede sobrescribir archivos locales arbitrarios."}], "id": "CVE-2018-1002100", "lastModified": "2024-11-21T03:40:38.253", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "jordan@liggitt.net", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-02T01:29:02.110", "references": [{"source": "jordan@liggitt.net", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564305"}, {"source": "jordan@liggitt.net", "tags": ["Third Party Advisory"], "url": "https://github.com/kubernetes/kubernetes/issues/61297"}, {"source": "jordan@liggitt.net", "tags": ["Third Party Advisory"], "url": "https://hansmi.ch/articles/2018-04-openshift-s2i-security"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564305"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/kubernetes/kubernetes/issues/61297"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://hansmi.ch/articles/2018-04-openshift-s2i-security"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.", "affected_release": [{"advisory": "RHBA-2018:1796", "cpe": "cpe:/a:redhat:openshift:3.9::el7", "package": "atomic-openshift-0:3.9.30-1.git.0.dec1ba7.el7", "product_name": "Red Hat OpenShift Container Platform 3.9", "release_date": "2018-06-06T00:00:00Z"}, {"advisory": "RHBA-2018:1796", "cpe": "cpe:/a:redhat:openshift:3.9::el7", "package": "atomic-openshift-dockerregistry-0:3.9.30-1.git.349.8b7912c.el7", "product_name": "Red Hat OpenShift Container Platform 3.9", "release_date": "2018-06-06T00:00:00Z"}, {"advisory": "RHBA-2018:1796", "cpe": "cpe:/a:redhat:openshift:3.9::el7", "package": "atomic-openshift-web-console-0:3.9.30-1.git.245.4a3aade.el7", "product_name": "Red Hat OpenShift Container Platform 3.9", "release_date": "2018-06-06T00:00:00Z"}, {"advisory": "RHBA-2018:1796", "cpe": "cpe:/a:redhat:openshift:3.9::el7", "package": "cri-o-0:1.9.12-1.gitfa11beb.el7", "product_name": "Red Hat OpenShift Container Platform 3.9", "release_date": "2018-06-06T00:00:00Z"}, {"advisory": "RHBA-2018:1796", "cpe": "cpe:/a:redhat:openshift:3.9::el7", "package": "cri-tools-0:1.0.0-5.rhaos3.9.git8e6013a.el7", "product_name": "Red Hat OpenShift Container Platform 3.9", "release_date": "2018-06-06T00:00:00Z"}, {"advisory": "RHBA-2018:1796", "cpe": "cpe:/a:redhat:openshift:3.9::el7", "package": "golang-github-prometheus-node_exporter-0:3.9.30-1.git.890.7ea5173.el7", "product_name": "Red Hat OpenShift Container Platform 3.9", "release_date": "2018-06-06T00:00:00Z"}, {"advisory": "RHBA-2018:1796", "cpe": "cpe:/a:redhat:openshift:3.9::el7", "package": "openshift-ansible-0:3.9.30-1.git.7.46f8678.el7", "product_name": "Red Hat OpenShift Container Platform 3.9", "release_date": "2018-06-06T00:00:00Z"}, {"advisory": "RHBA-2018:1796", "cpe": "cpe:/a:redhat:openshift:3.9::el7", "package": "rubygem-fluent-plugin-elasticsearch-0:1.16.1-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.9", "release_date": "2018-06-06T00:00:00Z"}, {"advisory": "RHBA-2018:1796", "cpe": "cpe:/a:redhat:openshift:3.9::el7", "package": "rubygem-fluent-plugin-kubernetes_metadata_filter-0:1.0.3-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.9", "release_date": "2018-06-06T00:00:00Z"}], "bugzilla": {"description": "kubernetes: Kubectl copy doesn't check for paths outside of it's destination directory", "id": "1564305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564305"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N", "status": "verified"}, "cwe": "CWE-20", "details": ["In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.", "An improper validation flaw exists in the kubernetes 'kubectl cp' command. An attacker, who could trick a user into using the command to copy files locally from a pod, could override files outside of the target directory of the command."], "name": "CVE-2018-1002100", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kubernetes", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openshift:3.10", "fix_state": "Not affected", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.10"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Not affected", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2018-03-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-1002100\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1002100"], "statement": "Kubernetes support is moving from Red Hat Enterprise Linux to OpenShift Container Platform. Kubernetes and its dependencies will no longer be updated through the Extras channel. Instead, the Red Hat customers are advised to use Red Hat's supported Kubernetes-based products such as Red Hat OpenShift Container Platform.", "threat_severity": "Moderate", "upstream_fix": "Kubernetes 1.9.6"}