This vulnerability allows a malicious container to cause a file to be created or replaced on the client computer when the client uses the kubectl cp operation. The vulnerability is a client-side defect and requires user interaction to be exploited.
Tag: Directory Traversal
ASA-2019-00391 – Kubernetes: Incomplete fixes for CVE-2019-1002101, kubectl cp potential directory traversal
Another security issue was discovered with the Kubernetes kubectl cp command that could enable a directory traversal such that a malicious container could replace or create files on a user’s workstation. The vulnerability is a client-side defect and requires user interaction to be exploited. The issue is High severity and upgrading kubectl to Kubernetes 1.12.9, 1.13.6, and 1.14.2 or later is encouraged to fix this issue.
ASA-2019-00357 – RubyGems: Delete directory using symlink when decompressing tar
A directory traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could delete arbitrary files on the user’s machine, presuming the attacker could guess at paths. Given how frequently gem is run as sudo, and how predictable paths are on modern systems (/tmp,/usr, etc.), this could likely lead to data loss or an unusable system.
ASA-2019-00161 – Kubernetes: Directory traversal vulnerability in kubectl
A security issue was discovered with the Kubernetes `kubectl cp` command that could enable a directory traversal replacing or deleting files on a user’s workstation.
ASA-2018-00075 – Go: Directory traversal in “go get” via curly braces in import paths
The "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode. The attacker can cause an arbitrary filesystem write, which can lead to code execution.