#VU14124 Path traversal in Kubernetes - CVE-2018-1002100

Cybersecurity Help s.r.o.

Published: 2018-07-30 | Updated: 2018-07-30

Vulnerability identifier: #VU14124

Vulnerability risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-1002100

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Kubernetes
Server applications / Frameworks for developing and running applications

Vendor: Kubernetes

Description

The vulnerability allows a remote attacker to conduct path traversal attack on the target system.

The vulnerability exists due to the kubectl cp command insecurely handles tar data returned from the container. A remote unauthenticated attacker can conduct path traversal attack and overwrite arbitrary local files.

Mitigation
Update to version 1.9.6.

Vulnerable software versions

Kubernetes: 1.5.0 - 1.5.8, 1.6.0 - 1.6.13, 1.7.0 - 1.7.13, 1.8.0 - 1.8.8, 1.9.0 - 1.9.3

External links
https://github.com/kubernetes/kubernetes/issues/61297

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Kubernetes