Flashes (Alerts)
Abstract
IBM Cloud Kubernetes Service is not affected by Kubernetes `kubectl cp` directory traversal vulnerability (CVE-2019-11249)
Content
kubectl cp directory traversal
Description: Kubernetes could allow a remote authenticated attacker to traverse directories on the system, caused by an incomplete fix for CVE-2019-1002101 and CVE-2019-11246. By persuading a victim to use the kubectl cp command with a malicious container, an attacker could replace or create arbitrary files on a user’s workstation.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/164768 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
While IBM Cloud Kubernetes Service itself is NOT vulnerable to CVE-2019-11249, customers are advised to ensure their kubectl client binaries are updated to the latest available version based on their Kubernetes cluster major.minor version. For more information, see Installing the Kubernetes CLI (kubectl).
To verify that your kubectl client binaries are no longer exposed, use the following command to confirm the currently running versions:
kubectl version --client
If your versions are at one of the following levels or later, you are no longer exposed to this vulnerability:
- 1.13.9
- 1.14.5
- 1.15.2
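The version check above, as an added example (not IBM's or the Kubernetes project's code): a POSIX shell function that compares a kubectl client version with the fixed level for its own minor release line, so that, for example, 1.14.0 is not passed just because it sorts after 1.13.9. It assumes that releases newer than 1.15 include the fix and that releases older than 1.13, for which this bulletin lists no fixed level, count as exposed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare a kubectl client version with the fixed levels
# listed in this bulletin (1.13.9, 1.14.5, 1.15.2).

# Print the first vMAJOR.MINOR.PATCH found in `kubectl version --client`
# output read from stdin (older GitVersion:"v1.14.3" and newer
# "Client Version: v1.28.2" formats both match).
extract_client_version() {
    grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Return 0 if the version is at or above the fixed level for its minor
# release line, 1 if it is below it, 2 if it cannot be parsed.
# Assumptions: releases newer than 1.15 include the fix; releases older
# than 1.13 have no fixed level in the bulletin and count as exposed.
kubectl_cp_fixed() {
    ver=${1#v}
    case "$ver" in *.*.*) ;; *) return 2 ;; esac
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; rest=${rest#*.}
    patch=${rest%%[!0-9]*}          # ignore any suffix after the patch number
    for n in "$major" "$minor" "$patch"; do
        case "$n" in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$major" -gt 1 ] && return 0
    [ "$major" -lt 1 ] && return 1
    case "$minor" in
        13) [ "$patch" -ge 9 ] ;;
        14) [ "$patch" -ge 5 ] ;;
        15) [ "$patch" -ge 2 ] ;;
        *)  [ "$minor" -gt 15 ] ;;
    esac
}

# Check the installed client, if kubectl is on the PATH.
if command -v kubectl >/dev/null 2>&1; then
    client=$(kubectl version --client 2>/dev/null | extract_client_version)
    if kubectl_cp_fixed "$client"; then
        echo "kubectl $client: at or above the fixed level"
    else
        echo "kubectl ${client:-unknown}: below the fixed level or not parseable"
    fi
fi
```

Run it on each workstation or build agent that has kubectl installed, since the exposure is in the client binary rather than in the cluster.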
Document Information
Modified date: 26 September 2022
UID: ibm10967123