exploitDog

CVE-2021-4178

Published: 05 Jan 2022
Source: redhat
CVSS3: 6.7

Description

An arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.

Report

Red Hat CodeReady Studio 12 is not affected by this flaw because it does not ship a vulnerable version of kubernetes-client; the version that it ships does not use SnakeYAML.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat build of Quarkus | kubernetes-client | Affected | | |
| Red Hat CodeReady Studio 12 | kubernetes-client | Not affected | | |
| Red Hat Decision Manager 7 | kubernetes-client | Affected | | |
| Red Hat Integration Camel K 1 | kubernetes-client | Affected | | |
| Red Hat JBoss Fuse 6 | kubernetes-client | Not affected | | |
| Red Hat OpenShift Container Platform 4 | jenkins-2-plugins | Affected | | |
| Red Hat Process Automation 7 | kubernetes-client | Affected | | |
| OCP-Tools-4.13-RHEL-8 | jenkins-2-plugins | Fixed | RHSA-2023:3299 | 24.05.2023 |
| Red Hat AMQ Streams 1.6.7 | kubernetes-client | Fixed | RHSA-2022:0467 | 08.02.2022 |
| Red Hat AMQ Streams 2.0.1 | kubernetes-client | Fixed | RHSA-2022:0469 | 08.02.2022 |

Additional information

Status: Moderate
Defect: CWE-502
https://bugzilla.redhat.com/show_bug.cgi?id=2034388 kubernetes-client: Insecure deserialization in unmarshalYaml method

6.7 Medium

CVSS3

Related vulnerabilities

CVSS3: 6.7
nvd
more than 3 years ago

An arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.

CVSS3: 6.7
github
more than 3 years ago

fabric8 kubernetes-client vulnerable
