VDB
GO-2022-0782
GO-2022-0782
PUBLISHED
Symlink Attack in kubectl cp in k8s.io/kubernetes
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| k8s.io | kubernetes | 0, 1.12.0, 1.13.0 |
Timeline
- Aug 21, 2024 CVE Published
- Feb 4, 2026 CVE Updated
References
- https://github.com/advisories/GHSA-34jx-wx69-9x8v advisory
- http://www.openwall.com/lists/oss-security/2019/06/21/1 url
- http://www.openwall.com/lists/oss-security/2019/08/05/5 url
- https://access.redhat.com/errata/RHBA-2019:0619 url
- https://access.redhat.com/errata/RHBA-2019:0620 url
- https://access.redhat.com/errata/RHBA-2019:0636 url
- https://github.com/kubernetes/kubernetes/commit/47063891dd782835170f500a83f37cc98c3c1013 url
- https://github.com/kubernetes/kubernetes/pull/75037 url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPV2RE5RMOGUVP5WJMXKQJZUBBLAFZPZ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QZB7E3DOZ5WDG46XAIU6K32CXHXPXB2F url
- https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101 url