Lucene search

RedhatCVE-2021-20218

HistoryMar 16, 2021 - 9:15 p.m.

CVE-2021-20218

2021-03-1621:15:10

CWE-22

redhat

web.nvd.nist.gov

cve-2021-20218

fabric8

kubernetes

file extraction

vulnerability

nvd

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

40.7%

JSON

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client copy command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability. This has been fixed in kubernetes-client-4.13.2 kubernetes-client-5.0.2 kubernetes-client-4.11.2 kubernetes-client-4.7.2

Affected configurations

Nvd

Vulners

Node

redhatkubernetes-clientRange4.2.0–4.7.2

redhatkubernetes-clientRange4.8.0–4.11.2

redhatkubernetes-clientRange4.12.0–4.13.2

redhatkubernetes-clientRange5.0.0–5.0.2

Node

redhata-mq_onlineMatch-

redhatbuild_of_quarkusMatch-

redhatcodeready_studioMatch12.0

redhatdescision_managerMatch7.0

redhatintegration_camel_kMatch-

redhatjboss_fuseMatch7.0.0

redhatopenshift_container_platformMatch3.11

redhatprocess_automationMatch7.0

VendorProductVersionCPE
redhatkubernetes-client*cpe:2.3:a:redhat:kubernetes-client:*:*:*:*:*:*:*:*
redhata-mq_online-cpe:2.3:a:redhat:a-mq_online:-:*:*:*:*:*:*:*
redhatbuild_of_quarkus-cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*
redhatcodeready_studio12.0cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*
redhatdescision_manager7.0cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*
redhatintegration_camel_k-cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*
redhatjboss_fuse7.0.0cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
redhatopenshift_container_platform3.11cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
redhatprocess_automation7.0cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	kubernetes-client	*	cpe:2.3:a:redhat:kubernetes-client::::::::
redhat	a-mq_online	-	cpe:2.3:a:redhat:a-mq_online:-:::::::*
redhat	build_of_quarkus	-	cpe:2.3:a:redhat:build_of_quarkus:-:::::::*
redhat	codeready_studio	12.0	cpe:2.3:a:redhat:codeready_studio:12.0:::::::*
redhat	descision_manager	7.0	cpe:2.3:a:redhat:descision_manager:7.0:::::::*
redhat	integration_camel_k	-	cpe:2.3:a:redhat:integration_camel_k:-:::::::*
redhat	jboss_fuse	7.0.0	cpe:2.3:a:redhat:jboss_fuse:7.0.0:::::::*
redhat	openshift_container_platform	3.11	cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
redhat	process_automation	7.0	cpe:2.3:a:redhat:process_automation:7.0:::::::*

CNA Affected

[
  {
    "product": "fabric8-kubernetes-client",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "kubernetes-client-4.2.0 and after"
      }
    ]
  }
]