CVE-2021-20218
fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise
- Public Exploits: 0
- Exploited in Wild: -
Descriptions
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability. This has been fixed in kubernetes-client-4.7.2, kubernetes-client-4.11.2, kubernetes-client-4.13.2 and kubernetes-client-5.0.2.
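Added example (not code from fabric8 kubernetes-client): a containment check for the unpacking step of a container-to-local copy, assuming the copy works by unpacking a tar stream that the container supplies. The member names, the sample archive and the functions `resolve_inside`, `safe_extract` and `demo` are constructed here; the check refuses any member whose resolved target lands outside the destination directory, which is the condition a traversing entry would exploit.

```python
import io
import os
import tarfile
import tempfile
from pathlib import Path


def build_tar(entries):
    """In-memory tar from {member name: bytes}; constructed stand-in for a container's stream."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in entries.items():
            info = tarfile.TarInfo(name=name)  # name is written as-is, '..' included
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def resolve_inside(dest_dir, member_name):
    """Absolute target for member_name, or None if '..' or a leading '/' escapes dest_dir."""
    dest = Path(dest_dir).resolve()
    target = (dest / member_name.lstrip("/")).resolve()
    if os.path.commonpath([str(dest), str(target)]) != str(dest):
        return None
    return target


def safe_extract(tar_bytes, dest_dir):
    """Write regular-file members inside dest_dir; reject escapes and links (a link can point out too)."""
    written, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for member in tar:
            target = resolve_inside(dest_dir, member.name)
            if target is None or not member.isfile():
                rejected.append(member.name)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with tar.extractfile(member) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(member.name)
    return written, rejected


def demo():
    """Run the check on a constructed archive with two members that try to escape."""
    archive = build_tar({"ok.txt": b"fine", "sub/inner.txt": b"fine",
                         "../escape.txt": b"bad", "sub/../../escape2.txt": b"bad"})
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "dest")
        os.mkdir(dest)
        written, rejected = safe_extract(archive, dest)
        leaked = os.path.exists(os.path.join(tmp, "escape.txt"))  # False: nothing left dest
    return written, rejected, leaked
```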
Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.12.0 serves as an update to Red Hat Decision Manager 7.11.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, deserialization, and traversal vulnerabilities.
SSVC
- Decision: -
Timeline
- 2020-12-17 CVE Reserved
- 2021-03-16 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- Exploited in Wild: -
- KEV Due Date: -
- First Exploit: -
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
References (3)
URL | Date | Source
---|---|---
https://github.com/fabric8io/kubernetes-client/issues/2715 | 2021-03-25 | 
https://bugzilla.redhat.com/show_bug.cgi?id=1923405 | 2021-03-25 | 
https://access.redhat.com/security/cve/CVE-2021-20218 | 2022-01-26 | 
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Redhat | Kubernetes-client | >= 4.2.0 < 4.7.2 | - | Affected
Redhat | Kubernetes-client | >= 4.8.0 < 4.11.2 | - | Affected
Redhat | Kubernetes-client | >= 4.12.0 < 4.13.2 | - | Affected
Redhat | Kubernetes-client | >= 5.0.0 < 5.0.2 | - | Affected
Redhat | A-mq Online | - | - | Affected
Redhat | Build Of Quarkus | - | - | Affected
Redhat | Codeready Studio | 12.0 | - | Affected
Redhat | Decision Manager | 7.0 | - | Affected
Redhat | Integration Camel K | - | - | Affected
Redhat | Jboss Fuse | 7.0.0 | - | Affected
Redhat | Openshift Container Platform | 3.11 | - | Affected
Redhat | Process Automation | 7.0 | - | Affected