Bug 1693320 - CVE-2019-1002101 - oc/kubectl fix potential directory traversal
Summary: CVE-2019-1002101 - oc/kubectl fix potential directory traversal
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Command Line Interface
Version: 3.9.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Target Release: 3.9.z
Assignee: Maciej Szulik
QA Contact: Xingxing Xia
Depends On: 1693313 1693315 1693318
Reported: 2019-03-27 14:21 UTC by Maciej Szulik
Modified: 2019-04-01 09:49 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: The oc cp command did not check links in the tarred files used to copy files between a pod and the user's workstation.
Consequence: The oc cp command could enable a directory traversal, replacing or deleting files on a user's workstation.
Fix: Do not allow links or any other files to escape the destination directory.
Result: The oc cp command verifies files being copied between pods and the user's workstation so that they cannot escape from the passed directories.
Clone Of: 1693318
Last Closed:
Target Upstream Version:
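The check described in the Doc Text, as an added example (not the oc/kubectl code from the actual fix): each tar header is validated before extraction so that neither the entry name nor a link target resolves outside the destination directory. The names `CheckHeader` and `within`, the destination `/tmp/out`, and the sample headers are assumptions made for this illustration.

```go
package main

import (
	"archive/tar"
	"fmt"
	"path/filepath"
	"strings"
)

// within reports whether target, once cleaned, is destDir or lies beneath it.
func within(destDir, target string) bool {
	rel, err := filepath.Rel(destDir, target)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// CheckHeader returns an error if extracting hdr under destDir would write outside it
// or create a link pointing outside it. Call it on every header before touching disk.
func CheckHeader(destDir string, hdr *tar.Header) error {
	path := filepath.Join(destDir, hdr.Name)
	if !within(destDir, path) {
		return fmt.Errorf("entry %q escapes %s", hdr.Name, destDir)
	}
	if hdr.Typeflag != tar.TypeSymlink && hdr.Typeflag != tar.TypeLink {
		return nil
	}
	target := hdr.Linkname
	if !filepath.IsAbs(target) {
		base := filepath.Dir(path) // symlink targets resolve from the link's own directory
		if hdr.Typeflag == tar.TypeLink {
			base = destDir // hard-link targets are named from the archive root
		}
		target = filepath.Join(base, target)
	}
	if !within(destDir, target) {
		return fmt.Errorf("link %q -> %q escapes %s", hdr.Name, hdr.Linkname, destDir)
	}
	return nil
}

func main() {
	// Constructed sample headers, as a tar stream received from a pod might present them.
	for _, h := range []*tar.Header{
		{Name: "app/current", Typeflag: tar.TypeSymlink, Linkname: "config.yaml"},
		{Name: "app/logs", Typeflag: tar.TypeSymlink, Linkname: "../../home"},
		{Name: "../.profile", Typeflag: tar.TypeReg},
	} {
		fmt.Printf("%-12s %v\n", h.Name, CheckHeader("/tmp/out", h))
	}
}
```

The check is purely lexical: it does not resolve symlinks that already exist on disk inside the destination directory, so an extractor also needs to avoid writing through pre-existing links.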
