Directory traversal vulnerability in Kubernetes - CVE-2019-11251 (rpm)ID: oval:org.secpod.oval:def:61439 | Date: (C)2020-02-17 (M)2022-10-10 |
Class: VULNERABILITY | Family: unix |
The host is installed with Kubernetes kubectl version 1.1.0 through 1.12.x, 1.13.x before 1.13.11, 1.14.x before 1.14.7 or 1.15.x before 1.15.4 and is prone to a directory traversal vulnerability. A flaw is present in the application, which fails to handle a issue in the Kubernetes kubectl cp command. Successful exploitation allows attackers to to place a nefarious file using a symlink, outside of the destination tree.