id: GO-2022-0782
modules:
    - module: k8s.io/kubernetes
      versions:
        - fixed: 1.11.9
        - introduced: 1.12.0
        - fixed: 1.12.7
        - introduced: 1.13.0
        - fixed: 1.13.5
      vulnerable_at: 1.13.5-beta.0
summary: Symlink Attack in kubectl cp in k8s.io/kubernetes
cves:
    - CVE-2019-1002101
ghsas:
    - GHSA-34jx-wx69-9x8v
references:
    - advisory: https://github.com/advisories/GHSA-34jx-wx69-9x8v
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2019-1002101
    - web: http://www.openwall.com/lists/oss-security/2019/06/21/1
    - web: http://www.openwall.com/lists/oss-security/2019/08/05/5
    - web: https://access.redhat.com/errata/RHBA-2019:0619
    - web: https://access.redhat.com/errata/RHBA-2019:0620
    - web: https://access.redhat.com/errata/RHBA-2019:0636
    - web: https://github.com/kubernetes/kubernetes/commit/47063891dd782835170f500a83f37cc98c3c1013
    - web: https://github.com/kubernetes/kubernetes/pull/75037
    - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPV2RE5RMOGUVP5WJMXKQJZUBBLAFZPZ
    - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QZB7E3DOZ5WDG46XAIU6K32CXHXPXB2F
    - web: https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101
source:
    id: GHSA-34jx-wx69-9x8v
    created: 2024-08-20T14:14:20.047993-04:00
review_status: UNREVIEWED
unexcluded: NOT_IMPORTABLE