Home > Vulnerability Database > CVE-2018-1002100

Mend.io Vulnerability Database

CVE-2018-1002100

Good to know:

Date: June 1, 2018

In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.

Language: C++

Severity Score

4.2

Related Resources (8)

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1564305

Url: https://security-tracker.debian.org/tracker/CVE-2018-1002100

Url: https://access.redhat.com/security/cve/CVE-2018-1002100

Url: https://github.com/kubernetes/kubernetes/issues/61297

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-1002100

Url: https://hansmi.ch/articles/2018-04-openshift-s2i-security

Url: https://github.com/advisories/GHSA-2jq6-ffph-p4h8

Url: https://www.mend.io/vulnerability-database/CVE-2018-1002100

Severity Score

4.2

Weakness Type (CWE)

Improper Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version k8s.io/kubernetes - v1.9.6;k8s.io/kubernetes - v1.9.6

Learn More

CVSS v3.1

Base Score:	4.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	3.6
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-1002100

Good to know:

Date: June 1, 2018

Language: C++

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?