CVE-2020-8570 – io.kubernetes:client-java

Package

Manager: maven
Name: io.kubernetes:client-java
Vulnerable Version: >=0 <9.0.2 || =10.0.0 || >=10.0.0 <10.0.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00791 pctl0.73039

Details

Path Traversal in the Java Kubernetes Client Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code.

Metadata

Created: 2021-01-29T18:12:54Z
Modified: 2022-10-07T20:36:09Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/01/GHSA-cghx-9gcr-r42x/GHSA-cghx-9gcr-r42x.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-cghx-9gcr-r42x
Finding: F063
Auto approve: 1