CVE-2019-11246, a vulnerability related to kubectl cp, was disclosed several months ago. Kubernetes recently announced another vulnerability related to kubectl cp, CVE-2019-11249. It allows an attacker to use directory traversal to write malicious files packed in a TAR package to any path on your host when you run the kubectl cp command. The write is restricted only by the system permissions of the current user. We recommend that you upgrade the kubectl client to a more secure version as soon as possible. For more information about the CVE-2019-11249 vulnerability, see Vulnerability fix: CVE-2019-11249 related to kubectl cp.
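The following Go check is an added example, not kubectl's code or the upstream fix: it lists the entries of a TAR stream whose path or symlink target would resolve outside the destination directory, which is the condition directory traversal depends on. The symlink check goes beyond what the paragraph above states; the names UnsafeEntries, escapes and SampleArchive, the destination /tmp/out and the archive contents are all constructed for this illustration.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path/filepath"
)

// escapes reports whether p (joined to base unless absolute) resolves outside dest.
func escapes(dest, base, p string) bool {
	if !filepath.IsAbs(p) {
		p = filepath.Join(base, p)
	}
	rel, err := filepath.Rel(dest, p)
	return err != nil || !filepath.IsLocal(rel) // IsLocal accepts "..data", rejects "../x"
}

// UnsafeEntries lists tar entries whose path or symlink target leaves dest.
func UnsafeEntries(r io.Reader, dest string) (bad []string, err error) {
	tr := tar.NewReader(r)
	for hdr, err := tr.Next(); err != io.EOF; hdr, err = tr.Next() {
		if err != nil && err != tar.ErrInsecurePath { // header is still returned for insecure paths
			return nil, err
		}
		target := filepath.Join(dest, hdr.Name) // Join collapses ".." segments
		if escapes(dest, dest, target) || hdr.Typeflag == tar.TypeSymlink && escapes(dest, filepath.Dir(target), hdr.Linkname) {
			bad = append(bad, hdr.Name)
		}
	}
	return bad, nil
}

// SampleArchive returns a constructed tar: one safe entry and two that escape.
func SampleArchive() *bytes.Buffer {
	buf := new(bytes.Buffer)
	tw := tar.NewWriter(buf)
	for _, h := range []tar.Header{
		{Name: "..data/token", Mode: 0644},
		{Name: "../../outside.txt", Mode: 0644},
		{Name: "app/link", Typeflag: tar.TypeSymlink, Linkname: "/etc"},
	} {
		tw.WriteHeader(&h)
	}
	tw.Close()
	return buf
}

func main() { fmt.Println(UnsafeEntries(SampleArchive(), "/tmp/out")) }
```

The entry named ..data/token is reported as safe because only a whole ".." path element climbs out of the directory, so a plain prefix match on ".." would misreport it.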