CVE-2018-1002100

Published June 2nd, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

3.6

LOW

Affected

PROJECT

Description

In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.

kubernetes/kubernetes

Production-Grade Container Scheduling and Management

GitHub

123K