
CVE-2019-11249: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal #80984

Closed
@joelsmith


CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N

A third issue was discovered with the Kubernetes kubectl cp command that could enable a directory traversal such that a malicious container could replace or create files on a user’s workstation. The vulnerability is a client-side defect and requires user interaction to be exploited.

Vulnerable versions:
Kubernetes 1.0.x-1.12.x
Kubernetes 1.13.0-1.13.8
Kubernetes 1.14.0-1.14.4
Kubernetes 1.15.0-1.15.1

Vulnerable configurations:
All kubectl clients running a vulnerable version and using the cp operation.

Vulnerability impact:
A malicious user can potentially create or overwrite files outside of the destination directory of the kubectl cp operation.

Mitigations prior to upgrading:
Avoid using kubectl cp with any untrusted workloads.

Fixed versions:
Fixed in v1.13.9 by #80871
Fixed in v1.14.5 by #80870
Fixed in v1.15.2 by #80869
Fixed in master by #80436

Fix impact:
The kubectl cp function is prevented from creating or modifying files outside the destination directory.

Acknowledgements:
This issue was discovered by Yang Yang of Amazon, who also provided a patch. Thanks also to the release managers for creating the security releases.
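kubectl cp unpacks a tar stream produced inside the container, so the guarantee described under "Fix impact" comes down to checking each archive entry against the destination directory before anything is written. The following is an added example, not the code from the fix PRs listed above: `AuditTar`, `within` and `sampleArchive` are hypothetical names, the archive is constructed sample input, and paths assume a Unix-like workstation.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// within reports whether p is dest itself or a path beneath it.
func within(dest, p string) bool {
	rel, err := filepath.Rel(dest, p)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// AuditTar lists entries whose path, or whose symlink target, resolves outside dest.
func AuditTar(dest string, r io.Reader) (bad []string, _ error) {
	tr := tar.NewReader(r)
	for h, err := tr.Next(); err != io.EOF; h, err = tr.Next() {
		if err != nil {
			return bad, err
		}
		p, target := filepath.Join(dest, h.Name), h.Linkname
		if h.Typeflag == tar.TypeSymlink && !filepath.IsAbs(target) {
			target = filepath.Join(filepath.Dir(p), target) // relative to the link's directory
		}
		if !within(dest, p) || (h.Typeflag == tar.TypeSymlink && !within(dest, target)) {
			bad = append(bad, h.Name)
		}
	}
	return bad, nil
}

// sampleArchive builds a constructed four-entry tar stream (sample input, not from the issue).
func sampleArchive() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	tw.WriteHeader(&tar.Header{Name: "ok/file.txt", Typeflag: tar.TypeReg})
	tw.WriteHeader(&tar.Header{Name: "../outside.txt", Typeflag: tar.TypeReg})
	tw.WriteHeader(&tar.Header{Name: "ok/link", Typeflag: tar.TypeSymlink, Linkname: "../../elsewhere"})
	tw.WriteHeader(&tar.Header{Name: "ok/inner", Typeflag: tar.TypeSymlink, Linkname: "file.txt"})
	tw.Close()
	return buf.Bytes()
}

func main() {
	fmt.Println(AuditTar("/tmp/dest", bytes.NewReader(sampleArchive())))
}
```

The audit only reads headers, so it can be run on a saved archive before extraction; a non-empty result is a reason to reject the whole archive rather than skip individual entries.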

Labels: area/security, kind/bug, official-cve-feed, sig/cli
