CVE-2019-1002101

MEDIUM

Kubernetes - Code Injection

Title source: llm

Description

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. The untar function can both create and follow symbolic links. The issue is resolved in kubectl v1.11.9, v1.12.7, v1.13.5, and v1.14.0.

Exploits (1)

nomisec WORKING POC 5 stars

by brompwnie · poc

https://github.com/brompwnie/CVE-2019-1002101-Helpers

View Code ZIP pw:eip

References (11)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/107652

[Vendor Advisory] https://access.redhat.com/errata/RHBA-2019:0619

[Vendor Advisory] https://access.redhat.com/errata/RHBA-2019:0620

[Vendor Advisory] https://access.redhat.com/errata/RHBA-2019:0636

[Patch, Third Party Advisory] https://github.com/kubernetes/kubernetes/pull/75037

[Various Sources] https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/

[Third Party Advisory] https://access.redhat.com/security/cve/cve-2019-1002101

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPV2RE5RMOGUVP5WJMXKQJZUBBLAFZPZ/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QZB7E3DOZ5WDG46XAIU6K32CXHXPXB2F/

[Mailing List] http://www.openwall.com/lists/oss-security/2019/06/21/1

[Mailing List] http://www.openwall.com/lists/oss-security/2019/08/05/5

Scores

CVSS v3 6.4

EPSS 0.4927

EPSS Percentile 97.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-59

Status published

Products (6)

k8s.io/kubernetes 0 - 1.11.9Go

kubernetes/kubernetes 1.14.0

kubernetes/kubernetes 1.11.0 - 1.11.9

redhat/openshift_container_platform 3.9

redhat/openshift_container_platform 3.10

redhat/openshift_container_platform 3.11

Published Apr 01, 2019

Tracked Since Feb 18, 2026