Improper Link Resolution Before File Access ('Link Following')

CVE-2019-1002101

Medium

5.5/10

Summary

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user's machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user's machine when kubectl cp is called, limited only by the system permissions of the local user. The untar function can both create and follow symbolic links. This issue affects versions prior to v1.11.9, v1.12.x prior to v1.12.7, and v1.13.x prior to v1.13.5.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-59 - Improper Link Resolution Before File Access

'Improper link resolution before file access' occurs when software accesses a file resource but fails to verify that the file isn't a link or shortcut to another file. An attacker can potentially gain access to arbitrary files and from there the impact can vary, depending on the application, from sensitive data exposure to remote code execution.

References

Advisory Timeline

Published Apr 01, 2019

Improper Link Resolution Before File Access ('Link Following')

CVE-2019-1002101

Summary

CWE-59 - Improper Link Resolution Before File Access

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS