Description
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat CodeReady Studio 12 | kubernetes-client | Not affected | | |
| Red Hat Decision Manager 7 | kubernetes-client | Not affected | | |
| Red Hat Fuse 7 | kubernetes-client | Not affected | | |
| Red Hat Integration Camel K 1 | kubernetes-client | Not affected | | |
| Red Hat JBoss Fuse 6 | kubernetes-client | Not affected | | |
| Red Hat Process Automation 7 | kubernetes-client | Not affected | | |
Additional information
Status: Moderate
Defect: CWE-22
https://bugzilla.redhat.com/show_bug.cgi?id=1915464 (kubernetes-client: Path Traversal bug in the Java kubernetes client)
7.4 High
CVSS3
Related vulnerabilities
CVSS3: 9.1
nvd
about 5 years ago
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code.