CVE-2021-20218
fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability. This has been fixed in kubernetes-client-4.13.2 kubernetes-client-5.0.2 kubernetes-client-4.11.2 kubernetes-client-4.7.2
Se encontró un fallo en fabric8 kubernetes-client en versión 4.2.0 y posteriores. Este fallo permite a un pod/container malicioso causar que unas aplicaciones que usan el comando "copy" de fabric8 kubernetes-client extraigan archivos fuera de la ruta de trabajo. La mayor amenaza de esta vulnerabilidad es la integridad y la disponibilidad del sistema. Esto ha sido corregido en kubernetes-client-4.13.2 kubernetes-client-5.0.2 kubernetes-client-4.11.2 kubernetes-client-4.7.2
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-12-17 CVE Reserved
- 2021-03-16 CVE Published
- 2023-11-30 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/fabric8io/kubernetes-client/issues/2715 | 2021-03-25 |
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1923405 | 2021-03-25 | |
| https://access.redhat.com/security/cve/CVE-2021-20218 | 2022-01-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Kubernetes-client Search vendor "Redhat" for product "Kubernetes-client" | >= 4.2.0 < 4.7.2 Search vendor "Redhat" for product "Kubernetes-client" and version " >= 4.2.0 < 4.7.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Kubernetes-client Search vendor "Redhat" for product "Kubernetes-client" | >= 4.8.0 < 4.11.2 Search vendor "Redhat" for product "Kubernetes-client" and version " >= 4.8.0 < 4.11.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Kubernetes-client Search vendor "Redhat" for product "Kubernetes-client" | >= 4.12.0 < 4.13.2 Search vendor "Redhat" for product "Kubernetes-client" and version " >= 4.12.0 < 4.13.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Kubernetes-client Search vendor "Redhat" for product "Kubernetes-client" | >= 5.0.0 < 5.0.2 Search vendor "Redhat" for product "Kubernetes-client" and version " >= 5.0.0 < 5.0.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | A-mq Online Search vendor "Redhat" for product "A-mq Online" | - | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Build Of Quarkus Search vendor "Redhat" for product "Build Of Quarkus" | - | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Codeready Studio Search vendor "Redhat" for product "Codeready Studio" | 12.0 Search vendor "Redhat" for product "Codeready Studio" and version "12.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Descision Manager Search vendor "Redhat" for product "Descision Manager" | 7.0 Search vendor "Redhat" for product "Descision Manager" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Integration Camel K Search vendor "Redhat" for product "Integration Camel K" | - | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Fuse Search vendor "Redhat" for product "Jboss Fuse" | 7.0.0 Search vendor "Redhat" for product "Jboss Fuse" and version "7.0.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | 3.11 Search vendor "Redhat" for product "Openshift Container Platform" and version "3.11" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Process Automation Search vendor "Redhat" for product "Process Automation" | 7.0 Search vendor "Redhat" for product "Process Automation" and version "7.0" | - |
Affected
| ||||||