PT-2018-9619 · Kubernetes · Kubernetes

Michael Hanselmann · Published 2018-06-01 · Updated 2025-08-08 · CVE-2018-1002100

CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Kubernetes versions 1.5.x through 1.9.5
Description: The issue concerns the insecure handling of tar data by the kubectl cp command, which can lead to the overwrite of arbitrary local files. This is a result of how the command manages data returned from the container.
Recommendations: For versions 1.5.x through 1.9.5, consider updating to a version that includes the fix for this issue, specifically version 1.9.6 or later, to prevent the insecure handling of tar data and potential overwrite of local files. As a temporary workaround, restrict the use of the kubectl cp command until a patch is applied.
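
An added example, not kubectl's code and not part of this advisory: a Go check that audits a tar stream before it is unpacked, assuming the overwrite described above comes from entry names that resolve outside the destination directory. The names `escapes`, `auditTar`, `sampleTar` and the `/tmp/out` path are hypothetical, and the archive is constructed in memory.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// escapes reports whether an entry name resolves outside destDir (the assumed cause).
func escapes(destDir, name string) bool {
	base := filepath.Clean(destDir)
	target := filepath.Join(base, name) // Join collapses any "../" segments
	return target != base && !strings.HasPrefix(target, base+string(filepath.Separator))
}

// auditTar reads a tar stream and lists entries that must not be written under destDir.
func auditTar(r io.Reader, destDir string) (refused []string, err error) {
	tr := tar.NewReader(r)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return refused, nil
		} else if err != nil && err != tar.ErrInsecurePath {
			return refused, err
		}
		// ErrInsecurePath is returned, with the header, under GODEBUG=tarinsecurepath=0.
		if err != nil || escapes(destDir, hdr.Name) {
			refused = append(refused, hdr.Name)
		}
	}
}

// sampleTar builds a constructed in-memory archive, one 2-byte file per name.
func sampleTar(names ...string) *bytes.Buffer {
	buf := new(bytes.Buffer)
	tw := tar.NewWriter(buf)
	for _, n := range names {
		tw.WriteHeader(&tar.Header{Name: n, Typeflag: tar.TypeReg, Mode: 0o600, Size: 2})
		tw.Write([]byte("ok"))
	}
	tw.Close()
	return buf
}

func main() {
	fmt.Println(auditTar(sampleTar("data/a.txt", "../../outside.txt"), "/tmp/out"))
}
```

The prefix comparison includes the trailing separator so that a sibling directory such as `/tmp/out2` is not mistaken for a path inside `/tmp/out`.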

Fix

RCE

Related Identifiers

CVE-2018-1002100
GHSA-2JQ6-FFPH-P4H8
GO-2023-1959
OPENSUSE-SU-2025:15424-1

Affected Products

Kubernetes