kubectl creates world-writeable cached schema files

In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation.

N/A

通过缓存导致的信息暴露

Google Kubernetes 权限许可和访问控制问题漏洞

Google Kubernetes是美国谷歌（Google）公司的一套开源的Docker容器集群管理系统。该系统为容器化的应用提供资源调度、部署运行、服务发现和扩容缩容等功能。 Google Kubernetes v1.8.x版本至1.14.x版本中存在安全漏洞。攻击者可利用该漏洞造成kubectl无法被调用。

N/A

N/A