Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 03:26
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
07 Oct 2022, 02:20
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.4
v3 : 9.1 |
References | (MLIST) https://lists.apache.org/thread.html/rdb223e1b82e3d7d8e4eaddce8dd1ab87252e3935cc41c859f49767b6@%3Ccommits.druid.apache.org%3E - Issue Tracking, Mailing List, Third Party Advisory | |
References | (CONFIRM) https://github.com/kubernetes-client/java/issues/1491 - Issue Tracking, Patch, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rcafa485d63550657f068775801aeb706b7a07140a8ebbdef822b3bb3@%3Ccommits.druid.apache.org%3E - Issue Tracking, Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r0c76b3d0be348f788cd947054141de0229af00c540564711e828fd40@%3Ccommits.druid.apache.org%3E - Issue Tracking, Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r1975078e44d96f2a199aa90aa874b57a202eaf7f25f2fde6d1c44942@%3Ccommits.druid.apache.org%3E - Issue Tracking, Mailing List, Third Party Advisory |
04 Feb 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Feb 2021, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Feb 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Feb 2021, 18:23
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://groups.google.com/g/kubernetes-security-announce/c/sd5h73sFPrg - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://github.com/kubernetes-client/java/issues/1491 - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:kubernetes:java:*:*:*:*:*:*:*:* | |
CWE | CWE-22 | |
CVSS |
v2 : v3 : |
v2 : 6.4
v3 : 7.5 |
21 Jan 2021, 18:34
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-21 17:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-8570
Mitre link : CVE-2020-8570
CVE.ORG link : CVE-2020-8570
JSON object : View
Products Affected
kubernetes
- java