CVE-2021-20218
CVSS v3.1
7.4 (High)
CVSS v2.0
5.8 (Medium)
EPSS
0.10 % (41th)
Affected Products
9
Advisories
1
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client copy
command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability. This has been fixed in kubernetes-client-4.13.2 kubernetes-client-5.0.2 kubernetes-client-4.11.2 kubernetes-client-4.7.2
Weaknesses
- CWE-22
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CVE Status
- PUBLISHED
- CNA
- Red Hat, Inc.
- Published Date
-
2021-03-16 21:15:10
(3 years ago) - Updated Date
-
2021-03-25 18:43:53
(3 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...