In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir
(defaulting to $HOME/.kube/http-cache
), written with world-writeable permissions (rw-rw-rw-
). If --cache-dir
is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation.
{ "github_reviewed_at": "2021-05-07T17:22:21Z", "cwe_ids": [ "CWE-524", "CWE-732" ], "nvd_published_at": null, "severity": "MODERATE", "github_reviewed": true }