In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: kubernetes
Published: 2018-06-01T21:00:00Z
Updated: 2024-09-16T16:17:37.665Z
Reserved: 2018-06-01T00:00:00Z
Link: CVE-2018-1002100
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-06-02T01:29:02.110
Modified: 2024-11-21T03:40:38.253
Link: CVE-2018-1002100
Redhat