In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: kubernetes

Published: 2018-06-01T21:00:00Z

Updated: 2024-09-16T16:17:37.665Z

Reserved: 2018-06-01T00:00:00Z

Link: CVE-2018-1002100

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-06-02T01:29:02.110

Modified: 2024-11-21T03:40:38.253

Link: CVE-2018-1002100

cve-icon Redhat

Severity : Moderate

Publid Date: 2018-03-17T00:00:00Z

Links: CVE-2018-1002100 - Bugzilla