Boletines de Vulnerabilidades

Kubernetes Security Issue (CVE-2019-11246)

Información sobre el sistema
   
Software afectado AmazonWS

Descripción
July 02, 2019 2:00 PM PDT CVE Identifier: CVE-2019-11246 AWS is aware of a security vulnerability (CVE-2019-11246) in the Kubernetes kubectl tool that could allow a malicious container to replace or create files on a users workstation. If a user were to run an untrusted container containing a malicious version of the tar command and execute the kubectl cp operation, the kubectl binary unpacking the tar file could overwrite or create files on a users workstation. AWS customers should refrain

More info:

https://aws.amazon.com/security/security-bulletins/AWS-2019-006/

Identificadores estándar
Propiedad Valor
CVE CVE-2019-11246.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2019-07-03

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT