A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2021-4178 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2034388 | Issue Tracking Vendor Advisory |
https://github.com/advisories/GHSA-98g7-rxmf-rrxm | Third Party Advisory |
https://github.com/fabric8io/kubernetes-client/issues/3653 | Issue Tracking Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
04 Oct 2022, 17:55
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/fabric8io/kubernetes-client/issues/3653 - Issue Tracking, Third Party Advisory |
29 Aug 2022, 13:32
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:fabric8-kubernetes:5.8.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:integration_camel_quarkus:2.2.1:*:*:*:*:*:*:* cpe:2.3:a:redhat:fuse:7.11:*:*:*:*:*:*:* cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:fabric8-kubernetes:5.0.0:beta1:*:*:*:*:*:* cpe:2.3:a:redhat:fabric8-kubernetes:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:a-mq_streams:2.0.1:*:*:*:*:*:*:* cpe:2.3:a:redhat:build_of_quarkus:2.2.5:*:*:*:*:*:*:* cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:* |
|
CWE | CWE-502 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.7 |
First Time |
Redhat descision Manager
Redhat integration Camel Quarkus Redhat a-mq Streams Redhat process Automation Redhat Redhat integration Camel K Redhat fabric8-kubernetes Redhat fuse Redhat build Of Quarkus Redhat openshift Application Runtimes |
|
References | (MISC) https://github.com/fabric8io/kubernetes-client/issues/3653 - Third Party Advisory | |
References | (MISC) https://github.com/advisories/GHSA-98g7-rxmf-rrxm - Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2034388 - Issue Tracking, Vendor Advisory | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2021-4178 - Vendor Advisory |
24 Aug 2022, 16:24
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-24 16:15
Updated : 2023-12-10 14:35
NVD link : CVE-2021-4178
Mitre link : CVE-2021-4178
CVE.ORG link : CVE-2021-4178
JSON object : View
Products Affected
redhat
- fabric8-kubernetes
- descision_manager
- a-mq_streams
- openshift_application_runtimes
- integration_camel_k
- integration_camel_quarkus
- process_automation
- fuse
- build_of_quarkus
CWE
CWE-502
Deserialization of Untrusted Data