CVE-2018-1002100 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-1002100 Interim 1 30 2023-01-19T01:50:07Z current 2021-05-30T14:20:50Z 2023-01-19T01:50:07Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-1002100 In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/update/announcement/2018/suse-su-20181982-1.html E-Mail link for SUSE-SU-2018:1982-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Magnum Orchestration 7 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 kubernetes kubernetes-client kubernetes as a component of Magnum Orchestration 7 kubernetes-client as a component of SUSE Linux Enterprise Module for Public Cloud 12 kubernetes as a component of SUSE Linux Enterprise Module for Public Cloud 12 In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files. CVE-2018-1002100 Magnum Orchestration 7:kubernetes SUSE Linux Enterprise Module for Public Cloud 12:kubernetes SUSE Linux Enterprise Module for Public Cloud 12:kubernetes-client moderate 3.6 AV:L/AC:L/Au:N/C:N/I:P/A:P 5.5 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N