In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation.
Workaround:
The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
| Link | Tags |
|---|---|
| https://github.com/kubernetes/kubernetes/issues/76676 | third party advisory |
| http://www.securityfocus.com/bid/108064 | third party advisory vdb entry |
| https://security.netapp.com/advisory/ntap-20190509-0002/ | third party advisory |
| https://access.redhat.com/errata/RHSA-2019:3942 | third party advisory vendor advisory |
| https://access.redhat.com/errata/RHSA-2020:0020 | third party advisory vendor advisory |
| https://access.redhat.com/errata/RHSA-2020:0074 | third party advisory vendor advisory |