CVE-2019-11251

MEDIUM

Kubernetes < 1.13.11 - Symlink Following

Title source: rule

Description

The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.

References (2)

[Third Party Advisory] https://github.com/kubernetes/kubernetes/issues/87773

[Mailing List, Third Party Advisory] https://groups.google.com/d/msg/kubernetes-announce/YYtEFdFimZ4/nZnOezZuBgAJ

Scores

CVSS v3 4.8

EPSS 0.0345

EPSS Percentile 87.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N

Details

CWE

CWE-61 CWE-59

Status published

Products (3)

k8s.io/kubernetes 1.13.10 - 1.13.11Go

kubernetes/kubernetes 1.1-1.12

kubernetes/kubernetes 1.13.0 - 1.13.11

Published Feb 03, 2020

Tracked Since Feb 18, 2026