GHSA-2575-pghm-6qqx

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-2575-pghm-6qqx/GHSA-2575-pghm-6qqx.json
Aliases
  • CVE-2019-11244
Published
2022-02-15T01:57:18Z
Modified
2023-09-18T20:18:54Z
Details

In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation.

References

Affected packages

Go / k8s.io/client-go

Source Details

Package Name
k8s.io/client-go

Affected ranges

Type
SEMVER
Events
Introduced
1.8.0
Fixed
1.12.9

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}