CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0CVE-2019-11246 – kubectl cp allows symlink directory traversal
https://notcve.org/view.php?id=CVE-2019-11246
27 Jun 2019 — The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions ... • https://github.com/kubernetes/kubernetes/pull/76788 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-11243
https://notcve.org/view.php?id=CVE-2019-11243
22 Apr 2019 — In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig() En Kubernetes versión 1.12.0 hasta versión 1.12.4 y versión 1.13.0, el método rest.AnonymousClientConfig() retorna una copia de la configuración provist... • http://www.securityfocus.com/bid/108053 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer CWE-271: Privilege Dropping / Lowering Errors •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2019-11244 – kubectl creates world-writeable cached schema files
https://notcve.org/view.php?id=CVE-2019-11244
22 Apr 2019 — In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation. En Kubernetes versión 1.8.x hasta versión 1.14.x, el componente kubectl almacena en caché la información del esquema en la u... • http://www.securityfocus.com/bid/108064 • CWE-524: Use of Cache Containing Sensitive Information CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2019-9946 – kubernetes: Incorrect rule injection in CNI portmap plugin
https://notcve.org/view.php?id=CVE-2019-9946
02 Apr 2019 — Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is f... • https://access.redhat.com/errata/RHBA-2019:0862 • CWE-670: Always-Incorrect Control Flow Implementation CWE-841: Improper Enforcement of Behavioral Workflow •
CVSS: 6.4EPSS: 49%CPEs: 7EXPL: 1CVE-2019-1002101 – kubectl cp path traversal
https://notcve.org/view.php?id=CVE-2019-1002101
01 Apr 2019 — The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. ... • https://github.com/brompwnie/CVE-2019-1002101-Helpers • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.5EPSS: 10%CPEs: 5EXPL: 0CVE-2019-1002100 – kube-apiserver: DoS with crafted patch of type json-patch
https://notcve.org/view.php?id=CVE-2019-1002100
01 Apr 2019 — In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+json"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server. En todas las versiones de Kubernetes anteriores a las v1.11.8, v1.12.6 y v1.13.4, los usuarios autorizados para realizar peticio... • http://www.securityfocus.com/bid/107290 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1002101
https://notcve.org/view.php?id=CVE-2018-1002101
05 Dec 2018 — In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection. En Kubernetes, en versiones 1.9.0-1.9.9, 1.10.0-1.10.5 y 1.11.0-1.11.1, las entradas de usuario se manejaron de forma incorrecta al configurar puntos de montaje de volúmenes en nodos de Windows, lo que podría conducir a una inyección de argumentos de la línea de comandos. • http://www.securityfocus.com/bid/106238 •
CVSS: 9.8EPSS: 90%CPEs: 14EXPL: 7CVE-2018-1002105 – Kubernetes - (Unauthenticated) Arbitrary Requests
https://notcve.org/view.php?id=CVE-2018-1002105
03 Dec 2018 — In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection. En todas las versiones de Kubernetes anteriores a la v1.1... • https://www.exploit-db.com/exploits/46052 • CWE-305: Authentication Bypass by Primary Weakness CWE-388: 7PK - Errors •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1002100
https://notcve.org/view.php?id=CVE-2018-1002100
01 Jun 2018 — In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files. En las versiones 1.5.x, 1.6.x, 1.7.x, 1.8.x y anteriores a la versión 1.9.6 de Kubernetes, el comando kubectl cp gestiona de forma insegura los datos tar devueltos del contenedor, lo que puede sobrescribir archivos locales arbitrarios. • https://bugzilla.redhat.com/show_bug.cgi?id=1564305 • CWE-20: Improper Input Validation •
CVSS: 9.6EPSS: 33%CPEs: 7EXPL: 1CVE-2017-1002101 – kubernetes: Volume security can be sidestepped with innocent emptyDir and subpath
https://notcve.org/view.php?id=CVE-2017-1002101
12 Mar 2018 — In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem. En Kubernetes, en versiones 1.3.x, 1.4.x, 1.5.x, 1.6.x y en versiones anteriores a la 1.7.14, 1.8.9 y 1.9.4, los contenedores que emplean montajes de volumen subpath con cualquier tipo de volumen (incluyendo po... • https://github.com/bgeesaman/subpath-exploit • CWE-59: Improper Link Resolution Before File Access ('Link Following') •