Red Hat OpenShift on IBM Cloud is NOT affected by Kubernetes `kubectl cp` directory traversal vulnerability (CVE-2019-11249)


Abstract

Red Hat OpenShift on IBM Cloud is not affected by Kubernetes kubectl cp directory traversal vulnerability (CVE-2019-11249)

Content

The Red Hat OpenShift on IBM Cloud service is NOT vulnerable to CVE-2019-11249, the Kubernetes kubectl cp directory traversal vulnerability.

CVE-ID: CVE-2019-11249
Description: Kubernetes could allow a remote authenticated attacker to traverse directories on the system, caused by an incomplete fix for CVE-2019-1002101 and CVE-2019-11246. By persuading a victim to use the kubectl cp command with a malicious container, an attacker could replace or create arbitrary files on a user’s workstation.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/164768 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
Recommendation
While Red Hat OpenShift on IBM Cloud service itself is NOT vulnerable to CVE-2019-11249, customers are advised to ensure their kubectl and oc client binaries are updated to the latest available version based on their cluster version. For more information, see Installing the OpenShift CLI.
To verify your oc client binaries are no longer exposed, use the following command to confirm the currently running versions are 3.11.146 or later:
oc version | grep openshift
To verify your kubectl client binaries are no longer exposed, use the following command to confirm the currently running versions are 1.13.9 or later:
kubectl version --client
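The two checks above compare a version string by eye. The following POSIX shell script is an added example (not part of the IBM bulletin) that automates the same comparison against the bulletin's thresholds, kubectl 1.13.9 and oc 3.11.146. It parses the output shape of `kubectl version --client` and of `oc version | grep openshift`, compares the dotted version numerically (a plain string compare would rank 1.13.10 below 1.13.9), and reports whether the client is still exposed. The sample outputs embedded in it are constructed for offline use; the function names and the `_MIN` variables are this example's own.

```shell
#!/bin/sh
# Added example, not from the IBM bulletin: check whether kubectl/oc client
# binaries meet the minimum versions the bulletin names for CVE-2019-11249.
# For a live check replace the constructed samples with real output, e.g.
#   check_kubectl_fixed "$(kubectl version --client)"
#   check_oc_fixed      "$(oc version | grep openshift)"

KUBECTL_MIN="1.13.9"    # from the bulletin
OC_MIN="3.11.146"       # from the bulletin

# version_ge MIN HAVE: exit 0 when HAVE >= MIN, comparing each dotted
# numeric field in turn; a leading "v" is ignored.
version_ge() {
    min=${1#v}; have=${2#v}
    i=1
    while [ "$i" -le 3 ]; do
        a=$(printf '%s\n' "$min"  | cut -d. -f"$i")
        b=$(printf '%s\n' "$have" | cut -d. -f"$i")
        a=${a:-0}; b=${b:-0}
        [ "$b" -gt "$a" ] && return 0
        [ "$b" -lt "$a" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# kubectl_client_version TEXT: extract the GitVersion value, e.g.
#   ... GitVersion:"v1.13.9" ...  ->  1.13.9
kubectl_client_version() {
    printf '%s\n' "$1" | sed -n 's/.*GitVersion:"v\{0,1\}\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# oc_version TEXT: extract the version from a "<name> vX.Y.Z" line, e.g.
#   openshift v3.11.146  ->  3.11.146
oc_version() {
    printf '%s\n' "$1" | sed -n 's/^[a-z]* v\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# check_kubectl_fixed TEXT / check_oc_fixed TEXT: exit 0 if the parsed
# version is at or above the bulletin's minimum, 1 if missing or older.
check_kubectl_fixed() {
    v=$(kubectl_client_version "$1")
    [ -n "$v" ] && version_ge "$KUBECTL_MIN" "$v"
}
check_oc_fixed() {
    v=$(oc_version "$1")
    [ -n "$v" ] && version_ge "$OC_MIN" "$v"
}

# Constructed sample outputs (same shape as the real commands; values made up).
SAMPLE_KUBECTL_OLD='Client Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.8", GitCommit:"0000000", GitTreeState:"clean", Platform:"linux/amd64"}'
SAMPLE_KUBECTL_NEW='Client Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.10", GitCommit:"0000000", GitTreeState:"clean", Platform:"linux/amd64"}'
SAMPLE_OC_OLD='openshift v3.11.141'
SAMPLE_OC_NEW='openshift v3.11.146'

for s in "$SAMPLE_KUBECTL_OLD" "$SAMPLE_KUBECTL_NEW"; do
    if check_kubectl_fixed "$s"; then
        echo "kubectl $(kubectl_client_version "$s"): fixed (>= $KUBECTL_MIN)"
    else
        echo "kubectl $(kubectl_client_version "$s"): EXPOSED, update the client"
    fi
done
for s in "$SAMPLE_OC_OLD" "$SAMPLE_OC_NEW"; do
    if check_oc_fixed "$s"; then
        echo "oc $(oc_version "$s"): fixed (>= $OC_MIN)"
    else
        echo "oc $(oc_version "$s"): EXPOSED, update the client"
    fi
done
```

The numeric field-by-field comparison matters for the 1.13 line specifically: kubectl 1.13.10 and later are fixed, but a string comparison against "1.13.9" would flag them as older.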

Document Information

Modified date:
26 September 2022

UID

ibm11102029