Описание
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code.
Ссылки
- Issue TrackingPatchThird Party Advisory
- Mailing ListThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 9.0.2 (исключая)Версия от 10.0.0 (включая) до 10.0.1 (исключая)
Одно из
cpe:2.3:a:kubernetes:java:*:*:*:*:*:*:*:*
cpe:2.3:a:kubernetes:java:*:*:*:*:*:*:*:*
EPSS
Процентиль: 77%
0.01085
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-23
CWE-22
Связанные уязвимости
CVSS3: 7.4
redhat
около 5 лет назад
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code.
EPSS
Процентиль: 77%
0.01085
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-23
CWE-22