How severe is CVE-2019-11249?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.8 out of 10.

What type of vulnerability is CVE-2019-11249?

This is classified as CWE-61, which is a common weakness in software security.

CVE-2019-11249 - MEDIUM Severity | CVSS 4.8

Vulnerability Description

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.

Related Vulnerabilities

CVE-2024-42367

MEDIUM

CVSS:4.8(Medium)

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.2, static routes which contain files with compressed variants (`.gz` or `.br` extension) are vulne...

CWE-612024

CVE-2023-20091

MEDIUM

CVSS:5.1(Medium)

A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. This vulnerabil...

CWE-612023

CVE-2023-20092

MEDIUM

CVSS:4.4(Medium)

Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vul...

CWE-612023

CVE-2023-20093

MEDIUM

CVSS:4.4(Medium)

CWE-612023

CVE-2024-0134

MEDIUM

CVSS:4.1(Medium)

NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name a...

CWE-612024

CVE-2024-27872

MEDIUM

CVSS:5.5(Medium)

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 14.6. An app may be able to access protected user data.

CWE-612024