Disclosing a directory traversal vulnerability in Kubernetes copy

This note refers to the kubectl cp command, which allows copying files between containers and the user machine. This vulnerability was ultimately a “classic” directory traversal – paths include directory climbing using (dot dot slash) were not sanitized, allowing malicious containers to write any file to any path on the user machine when copied from. To copy files from the user machine to a container, kubectl creates a tar with the files and unpacks it inside the container.

Source: www.twistlock.com