Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
kaniko has tar archive path traversal in build context extraction allows writing files outside destination directory
Vulnerability Description
kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. Starting in version 1.25.4 and prior to version 1.25.10, kaniko unpacks build context archives using `filepath.Join(dest, cleanedName)` without enforcing that the final path stays within `dest`. A tar entry like `../outside.txt` escapes the extraction root and writes files outside the destination directory. In environments with registry authentication, this can be chained with docker credential helpers to achieve code execution within the executor process. Version 1.25.10 uses securejoin for path resolution in tar extraction.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
kaniko 路径遍历漏洞
Vulnerability Description
kaniko是Chainguard Forks开源的一个在Kubernetes中构建容器映像的工具。 kaniko 1.25.10之前版本存在路径遍历漏洞,该漏洞源于解压构建上下文归档时未确保最终路径在目标目录内,可能导致路径遍历和任意文件写入,进而结合凭证助手实现代码执行。
CVSS Information
N/A
Vulnerability Type
N/A