PT-2022-11483 · Unknown · Fabric 8 Kubernetes Client
Jordy
+1
·
Published
2022-07-15
·
Updated
2022-10-04
·
CVE-2021-4178
CVSS v3.1
6.7
Medium
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Fabric 8 Kubernetes client versions 5.0.0-beta-1 and above
Description
A flaw was found in the Fabric 8 Kubernetes client due to improperly configured YAML parsing, allowing a local and privileged attacker to supply malicious YAML, which can lead to arbitrary code execution.
Recommendations
For versions 5.0.0-beta-1 and above, consider disabling the YAML parsing functionality until a patch is available to prevent exploitation.
Restrict access to the Fabric 8 Kubernetes client to minimize the risk of exploitation by a local and privileged attacker.
Avoid using the client with untrusted input to prevent the supply of malicious YAML.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Deserialization of Untrusted Data
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Fabric 8 Kubernetes Client