Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 1693320

Summary: CVE-2019-1002101 - oc/kubectl fix potential directory traversal
Product: OpenShift Container Platform Reporter: Maciej Szulik <maszulik>
Component: Command Line InterfaceAssignee: Maciej Szulik <maszulik>
Status: MODIFIED --- QA Contact: Xingxing Xia <xxia>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 3.9.0CC: aos-bugs, jokerman, mmccomas, xxia
Target Milestone: ---   
Target Release: 3.9.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: oc cp command was not checking links from tarred files being used to copy files between pod and user's workstation. Consequence: oc cp command could enable a directory traversal replacing or deleting files on a user’s workstation. Fix: Do not allow escaping links or any other files from destination directory. Result: oc cp command verifies files being copied between pods and user workstation not to allow escaping from passed directories.
Story Points: ---
Clone Of: 1693318 Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1693313, 1693315, 1693318    
Bug Blocks: