How severe is CVE-2019-11251?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.7 out of 10.

What type of vulnerability is CVE-2019-11251?

This is classified as CWE-61, which is a common weakness in software security.

CVE-2019-11251 - MEDIUM Severity | CVSS 5.7

Vulnerability Description

The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.

Related Vulnerabilities

CVE-2024-27872

MEDIUM

CVSS:5.5(Medium)

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 14.6. An app may be able to access protected user data.

CWE-612024

CVE-2024-34014

MEDIUM

CVSS:5.5(Medium)

Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Bac...

CWE-612024

CVE-2024-52542

MEDIUM

CVSS:5.5(Medium)

Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to informati...

CWE-612024

CVE-2025-24832

MEDIUM

CVSS:5.5(Medium)

Arbitrary file overwrite during home directory recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.4.8...

CWE-612025

CVE-2024-25952

MEDIUM

CVSS:6.0(Medium)

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, ...

CWE-612024

CVE-2024-25953

MEDIUM

CVSS:6.0(Medium)

Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, ...

CWE-612024