Boletines de Vulnerabilidades

Kubernetes Security Issue (CVE-2019-11249)

Información sobre el sistema
   
Software afectado AmazonWS

Descripción
Last Updated: August 15, 2019 9:00AM PDT CVE Identifier: CVE-2019-11249 AWS is aware of a security issue (CVE-2019-11249) which resolves incomplete fixes for CVE-2019-1002101 and CVE-2019-11246. Like the aforementioned CVEs, the issue is in the Kubernetes kubectl tool that could allow a malicious container to replace or create files on a users workstation. If a user were to run an untrusted container containing a malicious version of the tar command and execute the kubectl cp operation, the

More info:

https://aws.amazon.com/security/security-bulletins/AWS-2019-007/

Identificadores estándar
Propiedad Valor
CVE CVE-2019-11249 ,CVE-2019-1002101 and CVE-2019-11246.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2019-08-16

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT