The kubectl cp command allows copying files between containers and the user
machine. To copy files from a container, Kubernetes runs tar inside the
container to create a tar archive, copies it over the network, and kubectl
unpacks it on the user?s machine. If the tar binary in the container is
malicious, it could run any code and output unexpected, malicious results.
An attacker could use this to write files to any path on the user?s machine
when kubectl cp is called, limited only by the system permissions of the
local user. Kubernetes affected versions include versions prior to 1.13.9,
versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2,
1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.
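The destination check that a safe unpacking side needs, written here in Go as an added example (not kubectl's own code): SafeExtract and SampleArchive are hypothetical names, and the destination path and archive entries are constructed test data.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// SafeExtract returns the regular files in a tar stream whose cleaned path stays under destDir
// (keyed by path) and the names it refused; escaping paths, symlinks and device nodes are never written.
func SafeExtract(r io.Reader, destDir string) (map[string][]byte, []string, error) {
	sep := string(filepath.Separator)
	destDir = strings.TrimSuffix(filepath.Clean(destDir), sep) + sep // trailing sep makes the prefix test exact
	kept, rejected, tr := map[string][]byte{}, []string{}, tar.NewReader(r)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return kept, rejected, nil
		} else if err != nil {
			return nil, nil, err
		}
		target := filepath.Join(destDir, hdr.Name) // Join cleans, so ".." segments resolve before the prefix test
		if !strings.HasPrefix(target+sep, destDir) || (hdr.Typeflag != tar.TypeReg && hdr.Typeflag != tar.TypeDir) {
			rejected = append(rejected, hdr.Name)
		} else if hdr.Typeflag == tar.TypeReg {
			if kept[target], err = io.ReadAll(tr); err != nil {
				return nil, nil, err
			}
		}
	}
}

// SampleArchive is constructed test data: one honest file plus a ".." path and a symlink entry.
func SampleArchive() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	add := func(h *tar.Header, body string) { h.Size = int64(len(body)); tw.WriteHeader(h); tw.Write([]byte(body)) }
	add(&tar.Header{Name: "app/config.yaml", Mode: 0o644, Typeflag: tar.TypeReg}, "replicas: 3\n")
	add(&tar.Header{Name: "../../.profile", Mode: 0o644, Typeflag: tar.TypeReg}, "unexpected\n")
	add(&tar.Header{Name: "app/link", Linkname: "/etc", Typeflag: tar.TypeSymlink}, "")
	tw.Close()
	return buf.Bytes()
}

func main() {
	fmt.Println(SafeExtract(bytes.NewReader(SampleArchive()), "/tmp/cp-dest")) // one kept file, [../../.profile app/link], <nil>
}
```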
Upstream: not-affected (debian: incomplete fix not applied)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.04 (Disco Dingo): needs-triage
Ubuntu 19.10 (Eoan Ermine): needs-triage
Ubuntu 20.04 (Focal Fossa): needs-triage
Updated: 2019-12-05 19:58:46 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)