PT-2021-13849 · Unknown · Fabric 8 Kubernetes Client

Ivan Bodrov

Published

2021-03-16

Updated

2022-05-24

CVE-2021-20218

CVSS v3.1

7.4

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions: fabric8 kubernetes-client versions 4.2.0 and after

Description: A flaw was found in the fabric8 kubernetes-client that allows a malicious pod/container to cause applications using the fabric8 kubernetes-client copy command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability.

Recommendations: For versions prior to 4.7.2, update to kubernetes-client-4.7.2. For versions prior to 4.11.2, update to kubernetes-client-4.11.2. For versions prior to 4.13.2, update to kubernetes-client-4.13.2. For versions prior to 5.0.2, update to kubernetes-client-5.0.2.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2021-20218

GHSA-JWH2-FFG4-48XC

RHSA-2021:1006

Affected Products

Fabric 8 Kubernetes Client

PT-2021-13849 · Unknown · Fabric 8 Kubernetes Client

CVE-2021-20218

Weakness Enumeration

Related Identifiers

Affected Products

References · 6