{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2019-1002101","title":"Title"},{"category":"description","text":"The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user's machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user's machine when kubectl cp is called, limited only by the system permissions of the local user. The untar function can both create and follow symbolic links. The issue is resolved in kubectl v1.11.9, v1.12.7, v1.13.5, and v1.14.0.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2019-1002101","url":"https://www.suse.com/security/cve/CVE-2019-1002101"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1131056 for CVE-2019-1002101","url":"https://bugzilla.suse.com/1131056"},{"category":"external","summary":"SUSE Bug 1138929 for CVE-2019-1002101","url":"https://bugzilla.suse.com/1138929"},{"category":"external","summary":"SUSE Bug 1144507 for CVE-2019-1002101","url":"https://bugzilla.suse.com/1144507"}],"title":"SUSE CVE CVE-2019-1002101","tracking":{"current_release_date":"2026-03-13T15:17:58Z","generator":{"date":"2024-06-04T13:16:45Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2019-1002101","initial_release_date":"2024-06-04T13:16:45Z","revision_history":[{"date":"2024-06-04T13:16:45Z","number":"2","summary":"Current version"},{"date":"2025-01-01T06:04:18Z","number":"3","summary":"Current version"},{"date":"2025-02-15T06:41:49Z","number":"4","summary":"Current version"},{"date":"2025-02-17T07:06:36Z","number":"5","summary":"Current version"},{"date":"2025-03-13T17:06:26Z","number":"6","summary":"Current version"},{"date":"2025-03-15T10:22:03Z","number":"7","summary":"Current version"},{"date":"2025-04-25T05:52:25Z","number":"8","summary":"Current version"},{"date":"2025-08-08T23:41:25Z","number":"9","summary":"Current version"},{"date":"2025-11-04T01:21:58Z","number":"10","summary":"Current version"},{"date":"2025-12-17T02:05:43Z","number":"11","summary":"description changed"},{"date":"2025-12-19T02:12:40Z","number":"12","summary":"description changed"},{"date":"2026-03-13T15:17:58Z","number":"13","summary":"unknown changes"}],"status":"interim","version":"13"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"Magnum Orchestration 7","product":{"name":"Magnum Orchestration 7","product_id":"Magnum Orchestration 7","product_identification_helper":{"cpe":"cpe:/o:suse:openstack-cloud-magnum-orchestration:7"}}},{"category":"product_name","name":"SUSE Container as a Service Platform 2.0","product":{"name":"SUSE Container as a Service Platform 2.0","product_id":"SUSE Container as a Service Platform 2.0","product_identification_helper":{"cpe":"cpe:/o:suse:caasp:2.0"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 12","product":{"name":"SUSE Linux Enterprise High Performance Computing 12","product_id":"SUSE Linux Enterprise High Performance Computing 12","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc:12"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Public Cloud 12","product":{"name":"SUSE Linux Enterprise Module for Public Cloud 12","product_id":"SUSE Linux Enterprise Module for Public Cloud 12","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-public-cloud:12"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12","product":{"name":"SUSE Linux Enterprise Server 12","product_id":"SUSE Linux Enterprise Server 12","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP3","product":{"name":"SUSE Linux Enterprise Server 12 SP3","product_id":"SUSE Linux Enterprise Server 12 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP4","product":{"name":"SUSE Linux Enterprise Server 12 SP4","product_id":"SUSE Linux Enterprise Server 12 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP5","product":{"name":"SUSE Linux Enterprise Server 12 SP5","product_id":"SUSE Linux Enterprise Server 12 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 16.0","product":{"name":"SUSE Linux Enterprise Server 16.0","product_id":"SUSE Linux Enterprise Server 16.0","product_identification_helper":{"cpe":"cpe:/o:suse:sles:16:16.0:server"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12","product_id":"SUSE Linux Enterprise Server for SAP Applications 12","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP3","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP4","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP5","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp5"}}},{"category":"product_name","name":"openSUSE Tumbleweed","product":{"name":"openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed","product_identification_helper":{"cpe":"cpe:/o:opensuse:tumbleweed"}}},{"category":"product_version","name":"govulncheck-vulndb-0.0.20250807T150727-1.1","product":{"name":"govulncheck-vulndb-0.0.20250807T150727-1.1","product_id":"govulncheck-vulndb-0.0.20250807T150727-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/govulncheck-vulndb@0.0.20250807T150727-1.1?upstream=govulncheck-vulndb-0.0.20250807T150727-1.1.src.rpm"}}},{"category":"product_version","name":"govulncheck-vulndb-0.0.20250814T182633-160000.1.2","product":{"name":"govulncheck-vulndb-0.0.20250814T182633-160000.1.2","product_id":"govulncheck-vulndb-0.0.20250814T182633-160000.1.2","product_identification_helper":{"purl":"pkg:rpm/suse/govulncheck-vulndb@0.0.20250814T182633-160000.1.2?upstream=govulncheck-vulndb-0.0.20250814T182633-160000.1.2.src.rpm"}}},{"category":"product_version","name":"k3s-1.21.3+k3s1-1.2","product":{"name":"k3s-1.21.3+k3s1-1.2","product_id":"k3s-1.21.3+k3s1-1.2","product_identification_helper":{"purl":"pkg:rpm/suse/k3s@1.21.3+k3s1-1.2"}}},{"category":"product_version","name":"kubernetes","product":{"name":"kubernetes","product_id":"kubernetes","product_identification_helper":{"cpe":"cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/kubernetes@"}}},{"category":"product_version","name":"kubernetes-client","product":{"name":"kubernetes-client","product_id":"kubernetes-client","product_identification_helper":{"cpe":"cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/kubernetes-client@?upstream=kubernetes.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"govulncheck-vulndb-0.0.20250814T182633-160000.1.2 as component of SUSE Linux Enterprise Server 16.0","product_id":"SUSE Linux Enterprise Server 16.0:govulncheck-vulndb-0.0.20250814T182633-160000.1.2"},"product_reference":"govulncheck-vulndb-0.0.20250814T182633-160000.1.2","relates_to_product_reference":"SUSE Linux Enterprise Server 16.0"},{"category":"default_component_of","full_product_name":{"name":"govulncheck-vulndb-0.0.20250807T150727-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250807T150727-1.1"},"product_reference":"govulncheck-vulndb-0.0.20250807T150727-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"k3s-1.21.3+k3s1-1.2 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:k3s-1.21.3+k3s1-1.2"},"product_reference":"k3s-1.21.3+k3s1-1.2","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"kubernetes as component of Magnum Orchestration 7","product_id":"Magnum Orchestration 7:kubernetes"},"product_reference":"kubernetes","relates_to_product_reference":"Magnum Orchestration 7"},{"category":"default_component_of","full_product_name":{"name":"kubernetes as component of SUSE Container as a Service Platform 2.0","product_id":"SUSE Container as a Service Platform 2.0:kubernetes"},"product_reference":"kubernetes","relates_to_product_reference":"SUSE Container as a Service Platform 2.0"},{"category":"default_component_of","full_product_name":{"name":"kubernetes-client as component of SUSE Linux Enterprise Server 12","product_id":"SUSE Linux Enterprise Server 12:kubernetes-client"},"product_reference":"kubernetes-client","relates_to_product_reference":"SUSE Linux Enterprise Server 12"},{"category":"default_component_of","full_product_name":{"name":"kubernetes as component of SUSE Linux Enterprise Server 12","product_id":"SUSE Linux Enterprise Server 12:kubernetes"},"product_reference":"kubernetes","relates_to_product_reference":"SUSE Linux Enterprise Server 12"},{"category":"default_component_of","full_product_name":{"name":"kubernetes-client as component of SUSE Linux Enterprise Server for SAP Applications 12","product_id":"SUSE Linux Enterprise Server for SAP Applications 12:kubernetes-client"},"product_reference":"kubernetes-client","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12"},{"category":"default_component_of","full_product_name":{"name":"kubernetes as component of SUSE Linux Enterprise Server for SAP Applications 12","product_id":"SUSE Linux Enterprise Server for SAP Applications 12:kubernetes"},"product_reference":"kubernetes","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12"},{"category":"default_component_of","full_product_name":{"name":"kubernetes-client as component of SUSE Linux Enterprise High Performance Computing 12","product_id":"SUSE Linux Enterprise High Performance Computing 12:kubernetes-client"},"product_reference":"kubernetes-client","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 12"},{"category":"default_component_of","full_product_name":{"name":"kubernetes as component of SUSE Linux Enterprise High Performance Computing 12","product_id":"SUSE Linux Enterprise High Performance Computing 12:kubernetes"},"product_reference":"kubernetes","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 12"},{"category":"default_component_of","full_product_name":{"name":"kubernetes-client as component of SUSE Linux Enterprise Server 12 SP3","product_id":"SUSE Linux Enterprise Server 12 SP3:kubernetes-client"},"product_reference":"kubernetes-client","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"kubernetes as component of SUSE Linux Enterprise Server 12 SP3","product_id":"SUSE Linux Enterprise Server 12 SP3:kubernetes"},"product_reference":"kubernetes","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"kubernetes-client as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kubernetes-client"},"product_reference":"kubernetes-client","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"kubernetes as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP3:kubernetes"},"product_reference":"kubernetes","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"kubernetes-client as component of SUSE Linux Enterprise Server 12 SP4","product_id":"SUSE Linux Enterprise Server 12 SP4:kubernetes-client"},"product_reference":"kubernetes-client","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP4"},{"category":"default_component_of","full_product_name":{"name":"kubernetes as component of SUSE Linux Enterprise Server 12 SP4","product_id":"SUSE Linux Enterprise Server 12 SP4:kubernetes"},"product_reference":"kubernetes","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP4"},{"category":"default_component_of","full_product_name":{"name":"kubernetes-client as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kubernetes-client"},"product_reference":"kubernetes-client","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP4"},{"category":"default_component_of","full_product_name":{"name":"kubernetes as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kubernetes"},"product_reference":"kubernetes","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP4"},{"category":"default_component_of","full_product_name":{"name":"kubernetes-client as component of SUSE Linux Enterprise Server 12 SP5","product_id":"SUSE Linux Enterprise Server 12 SP5:kubernetes-client"},"product_reference":"kubernetes-client","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"kubernetes as component of SUSE Linux Enterprise Server 12 SP5","product_id":"SUSE Linux Enterprise Server 12 SP5:kubernetes"},"product_reference":"kubernetes","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"kubernetes-client as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kubernetes-client"},"product_reference":"kubernetes-client","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"kubernetes as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kubernetes"},"product_reference":"kubernetes","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"kubernetes-client as component of SUSE Linux Enterprise Module for Public Cloud 12","product_id":"SUSE Linux Enterprise Module for Public Cloud 12:kubernetes-client"},"product_reference":"kubernetes-client","relates_to_product_reference":"SUSE Linux Enterprise Module for Public Cloud 12"},{"category":"default_component_of","full_product_name":{"name":"kubernetes as component of SUSE Linux Enterprise Module for Public Cloud 12","product_id":"SUSE Linux Enterprise Module for Public Cloud 12:kubernetes"},"product_reference":"kubernetes","relates_to_product_reference":"SUSE Linux Enterprise Module for Public Cloud 12"}]},"vulnerabilities":[{"cve":"CVE-2019-1002101","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-1002101"}],"notes":[{"category":"general","text":"The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user's machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user's machine when kubectl cp is called, limited only by the system permissions of the local user. The untar function can both create and follow symbolic links. The issue is resolved in kubectl v1.11.9, v1.12.7, v1.13.5, and v1.14.0.","title":"CVE description"}],"product_status":{"known_not_affected":["Magnum Orchestration 7:kubernetes","SUSE Container as a Service Platform 2.0:kubernetes","SUSE Linux Enterprise High Performance Computing 12:kubernetes","SUSE Linux Enterprise High Performance Computing 12:kubernetes-client","SUSE Linux Enterprise Module for Public Cloud 12:kubernetes","SUSE Linux Enterprise Module for Public Cloud 12:kubernetes-client","SUSE Linux Enterprise Server 12 SP3:kubernetes","SUSE Linux Enterprise Server 12 SP3:kubernetes-client","SUSE Linux Enterprise Server 12 SP4:kubernetes","SUSE Linux Enterprise Server 12 SP4:kubernetes-client","SUSE Linux Enterprise Server 12 SP5:kubernetes","SUSE Linux Enterprise Server 12 SP5:kubernetes-client","SUSE Linux Enterprise Server 12:kubernetes","SUSE Linux Enterprise Server 12:kubernetes-client","SUSE Linux Enterprise Server for SAP Applications 12 SP3:kubernetes","SUSE Linux Enterprise Server for SAP Applications 12 SP3:kubernetes-client","SUSE Linux Enterprise Server for SAP Applications 12 SP4:kubernetes","SUSE Linux Enterprise Server for SAP Applications 12 SP4:kubernetes-client","SUSE Linux Enterprise Server for SAP Applications 12 SP5:kubernetes","SUSE Linux Enterprise Server for SAP Applications 12 SP5:kubernetes-client","SUSE Linux Enterprise Server for SAP Applications 12:kubernetes","SUSE Linux Enterprise Server for SAP Applications 12:kubernetes-client"],"recommended":["SUSE Linux Enterprise Server 16.0:govulncheck-vulndb-0.0.20250814T182633-160000.1.2","openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250807T150727-1.1","openSUSE Tumbleweed:k3s-1.21.3+k3s1-1.2"]},"references":[{"category":"external","summary":"CVE-2019-1002101","url":"https://www.suse.com/security/cve/CVE-2019-1002101"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1131056 for CVE-2019-1002101","url":"https://bugzilla.suse.com/1131056"},{"category":"external","summary":"SUSE Bug 1138929 for CVE-2019-1002101","url":"https://bugzilla.suse.com/1138929"},{"category":"external","summary":"SUSE Bug 1144507 for CVE-2019-1002101","url":"https://bugzilla.suse.com/1144507"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 16.0:govulncheck-vulndb-0.0.20250814T182633-160000.1.2","openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250807T150727-1.1","openSUSE Tumbleweed:k3s-1.21.3+k3s1-1.2"]}],"scores":[{"cvss_v3":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N","version":"3.0"},"products":["SUSE Linux Enterprise Server 16.0:govulncheck-vulndb-0.0.20250814T182633-160000.1.2","openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250807T150727-1.1","openSUSE Tumbleweed:k3s-1.21.3+k3s1-1.2"]}],"threats":[{"category":"impact","date":"2019-03-29T19:24:55Z","details":"moderate"}],"title":"CVE-2019-1002101"}]}