CVE-2021-4178
kubernetes-client: Insecure deserialization in unmarshalYaml method
- Severity Score
- Exploit Likelihood
- Affected Versions
- Public Exploits: 0
- Exploited in Wild: -
- Decision
Descriptions
An arbitrary code execution flaw was found in the Fabric8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.
Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.6.7 serves as a replacement for Red Hat AMQ Streams 1.6.6, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-12-27 CVE Reserved
- 2022-02-09 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- Exploited in Wild: -
- KEV Due Date: -
- First Exploit: -
CWE
- CWE-502: Deserialization of Untrusted Data
CAPEC
References (4)

URL | Tag | Source
---|---|---
https://github.com/advisories/GHSA-98g7-rxmf-rrxm | Third Party Advisory |
https://github.com/fabric8io/kubernetes-client/issues/3653 | Issue Tracking |

URL | Date | SRC
---|---|---
https://access.redhat.com/security/cve/CVE-2021-4178 | 2022-10-04 |
https://bugzilla.redhat.com/show_bug.cgi?id=2034388 | 2022-10-04 |
Affected Vendors, Products, and Versions

Vendor | Product | Version | Other | Status
---|---|---|---|---
Redhat | Fabric8-kubernetes | >= 5.0.1 < 5.0.3 | - | Affected
Redhat | Fabric8-kubernetes | >= 5.1.0 < 5.1.2 | - | Affected
Redhat | Fabric8-kubernetes | >= 5.2.0 < 5.3.2 | - | Affected
Redhat | Fabric8-kubernetes | >= 5.5.0 < 5.7.4 | - | Affected
Redhat | Fabric8-kubernetes | >= 5.9.0 < 5.10.2 | - | Affected
Redhat | Fabric8-kubernetes | >= 5.11.0 < 5.11.2 | - | Affected
Redhat | Fabric8-kubernetes | 5.0.0 | beta1 | Affected
Redhat | Fabric8-kubernetes | 5.8.0 | - | Affected
Redhat | A-mq Streams | 2.0.1 | - | Affected
Redhat | Build Of Quarkus | 2.2.5 | - | Affected
Redhat | Decision Manager | 7.0 | - | Affected
Redhat | Fuse | 7.11 | - | Affected
Redhat | Integration Camel K | - | - | Affected
Redhat | Integration Camel Quarkus | 2.2.1 | - | Affected
Redhat | Openshift Application Runtimes | - | - | Affected
Redhat | Process Automation | 7.0 | - | Affected