The kubectl cp command allows copying files between containers and the user's
machine. To copy files from a container, Kubernetes runs tar inside the
container to create a tar archive, copies it over the network, and kubectl
unpacks it on the user's machine. If the tar binary in the container is
malicious, it could run any code and emit an archive with unexpected, malicious
contents. An attacker could use this to write files to any path on the user's
machine when kubectl cp is called, limited only by the system permissions of
the local user. Kubernetes affected versions include versions prior to 1.12.9,
versions prior to 1.13.6, versions prior to 1.14.2, and versions 1.1, 1.2,
1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11.
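The client-side defence the description implies, as an added example (not kubectl's own code): every entry name in the tar stream coming back from the untrusted container is resolved under the destination directory and refused if it would land outside it or is a link entry. The destination path and the archive entries are constructed for illustration.

```go
package main

import (
	"archive/tar"
	"bytes"
	"io"
	"path/filepath"
	"strings"
)

// safeEntryPath joins a tar entry name under destDir (Join collapses ".." and a
// leading "/" becomes relative to destDir) and reports whether it stays inside.
func safeEntryPath(destDir, name string) (string, bool) {
	dest := filepath.Clean(destDir)
	target := filepath.Join(dest, filepath.FromSlash(name))
	return target, strings.HasPrefix(target, dest+string(filepath.Separator))
}

// classifyEntries splits an untrusted archive into paths safe to write under destDir
// and names to refuse. Links are refused: their targets are the archive author's.
func classifyEntries(r io.Reader, destDir string) (accepted, rejected []string, err error) {
	tr := tar.NewReader(r)
	for {
		hdr, nerr := tr.Next()
		if nerr == io.EOF {
			return accepted, rejected, nil
		} else if hdr == nil { // read error; a header paired with Go's own path warning is judged below
			return nil, nil, nerr
		}
		target, ok := safeEntryPath(destDir, hdr.Name)
		if !ok || (hdr.Typeflag != tar.TypeReg && hdr.Typeflag != tar.TypeDir) {
			rejected = append(rejected, hdr.Name)
			continue
		}
		accepted = append(accepted, target)
	}
}

// constructedArchive is sample input (constructed, not captured): benign entries
// mixed with the kinds of entry a hostile in-container tar could emit.
func constructedArchive() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, n := range []string{"good.txt", "../escape.txt", "/abs.txt", "sub/../../up.txt"} {
		tw.WriteHeader(&tar.Header{Name: n, Typeflag: tar.TypeReg, Mode: 0644})
	}
	tw.WriteHeader(&tar.Header{Name: "link", Typeflag: tar.TypeSymlink, Linkname: "/etc/passwd", Mode: 0777})
	tw.Close()
	return buf.Bytes()
}
```

Running classifyEntries over the constructed archive with a destination of /home/user/out accepts only good.txt and abs.txt (the absolute name is placed under the destination), and refuses the two traversal entries and the symlink.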
Upstream: not-affected (debian: incomplete fix not applied)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 20.04 LTS (Focal Fossa): needs-triage
Ubuntu 20.10 (Groovy Gorilla): needs-triage
Updated: 2020-10-24 06:55:21 UTC (commit 69e225d81a6ee3e2e014950178db797c5d4e5009)