Flashes (Alerts)
Abstract
IBM Cloud Kubernetes Service is not affected by Kubernetes `kubectl cp` directory traversal vulnerability (CVE-2019-11246)
Content
IBM Cloud Kubernetes Service is NOT vulnerable to CVE-2019-11246 Kubernetes `kubectl cp` directory traversal.
CVE-ID: CVE-2019-11246
Description: Kubernetes could allow a remote attacker to traverse directories on the system. By persuading a victim to use the `kubectl cp` command with a malicious container, an attacker could replace or create arbitrary files on a user’s workstation.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/162892 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)
Recommendation
To resolve any existing exposure to this vulnerability, customers are advised to ensure their `kubectl` client binaries are updated to the latest available for their kube master release.
If your `kubectl` client binaries are at one of the following levels or later, you are no longer exposed to this vulnerability:
- 1.12.9
- 1.13.6
- 1.14.2
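One way to check a client version against the levels above, as an added example that is not part of IBM's bulletin. It assumes each listed level is the minimum for its own minor release line (so 1.13.2 counts as exposed even though it sorts after 1.12.9), that releases older than 1.12 stay exposed and that minors after 1.14 carry the fix. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a kubectl client version against the fixed levels
# in this bulletin (1.12.9, 1.13.6, 1.14.2) for CVE-2019-11246.
# Assumption: each level is the minimum for its own minor release line.

# kubectl_cp_status VERSION  ->  prints "fixed", "exposed" or "unknown"
kubectl_cp_status() {
    v=${1#v}          # accept "v1.13.6" as well as "1.13.6"
    v=${v%%+*}        # drop build metadata after "+"
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;  # pre-releases land here
    esac
    IFS=. read -r major minor patch _extra <<EOF
$v
EOF
    if [ -z "$minor" ] || [ -z "$patch" ] || [ "$major" -ne 1 ]; then
        echo unknown; return 0
    fi
    case $minor in
        12) min=9 ;;
        13) min=6 ;;
        14) min=2 ;;
        *)  # assumption: minors after 1.14 carry the fix, older ones never got it
            if [ "$minor" -gt 14 ]; then echo fixed; else echo exposed; fi
            return 0 ;;
    esac
    if [ "$patch" -ge "$min" ]; then echo fixed; else echo exposed; fi
}

# Version of the kubectl binary on PATH, e.g. "1.14.2".
local_kubectl_version() {
    kubectl version --client -o json |
        sed -n 's/.*"gitVersion": *"v\{0,1\}\([^"]*\)".*/\1/p' | head -n 1
}

# Usage: kubectl_cp_status "$(local_kubectl_version)"
```

A result of "unknown" (pre-release tags, truncated or non-1.x versions) should be treated as needing a manual check rather than as a pass.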
Document Information
Modified date:
26 September 2022
UID
ibm10958853