The kubectl cp command allows copying files between containers and the user
machine. To copy files from a container, Kubernetes creates a tar inside
the container, copies it over the network, and kubectl unpacks it on the
user’s machine. If the tar binary in the container is malicious, it could
run any code and output unexpected, malicious results. An attacker could
use this to write files to any path on the user’s machine when kubectl cp
is called, limited only by the system permissions of the local user. The
untar function can both create and follow symbolic links. The issue is
resolved in kubectl v1.11.9, v1.12.7, v1.13.5, and v1.14.0.
Upstream:not-affected (debian: Vulnerable code introduced later)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):needs-triage
More Information

Updated: 2020-10-24 06:54:43 UTC (commit 69e225d81a6ee3e2e014950178db797c5d4e5009)