Bug 1151300 - (CVE-2019-11251) VUL-0: CVE-2019-11251: kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks
(CVE-2019-11251)
VUL-0: CVE-2019-11251: kubernetes: `kubectl cp` allows for arbitrary file wri...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/242943/
CVSSv3:SUSE:CVE-2019-11251:5.3:(AV:N/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-09-19 10:03 UTC by Alexandros Toptsoglou
Modified: 2022-04-14 12:51 UTC (History)
6 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexandros Toptsoglou 2019-09-19 10:03:59 UTC
CVE-2019-11251

A vulnerability has been discovered in `kubectl cp` that allows a
combination of two  symlinks to copy a file outside of its destination
directory. This could be used to allow an attacker to place a netfarious
file using a symlink, outside of the destination tree.

Reference:
https://github.com/kubernetes/kubernetes/pull/82143
https://github.com/kubernetes/kubernetes/pull/82143
https://github.com/kubernetes/kubernetes/pull/82384
https://github.com/kubernetes/kubernetes/pull/82502
https://github.com/kubernetes/kubernetes/pull/82503

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1753495
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11251
Comment 1 Alexandros Toptsoglou 2019-09-19 11:16:27 UTC
Tracked as affected the following codestreams: 

SUSE:SLE-12-SP3:Update:Products:CASP30:Update and 
SUSE:SLE-15-SP1:Update:Products:CASP40:Update
Comment 2 Marcus Meissner 2019-09-19 13:43:01 UTC
hmm, bugowner was given the wrong result for some reason...
Comment 5 Marcus Meissner 2019-12-20 14:43:28 UTC
was this referenced in your changes entries=?
Comment 6 Gabriele Sonnu 2022-04-14 12:51:05 UTC
Done.