CVE Vulnerability

CVE-2020-8570

Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code.

6.4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

9.1 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/kubernetes-client/java/issues/1491 Issue Tracking Patch
https://groups.google.com/g/kubernetes-security-announce/c/sd5h73sFPrg Mailing List Third Party Advisory
https://lists.apache.org/thread.html/rcafa485d63550657f068775801aeb706b7a07140a8ebbdef822b3bb3@%3Ccommits.druid.apache.org%3E Issue Tracking Mailing List
https://lists.apache.org/thread.html/r0c76b3d0be348f788cd947054141de0229af00c540564711e828fd40@%3Ccommits.druid.apache.org%3E Issue Tracking Mailing List
https://lists.apache.org/thread.html/rdb223e1b82e3d7d8e4eaddce8dd1ab87252e3935cc41c859f49767b6@%3Ccommits.druid.apache.org%3E Issue Tracking Mailing List
https://lists.apache.org/thread.html/r1975078e44d96f2a199aa90aa874b57a202eaf7f25f2fde6d1c44942@%3Ccommits.druid.apache.org%3E Issue Tracking Mailing List
Configurations

Configuration 1

cpe:2.3:a:kubernetes:java:*:*:*:*:*:*:*:*
cpe:2.3:a:kubernetes:java:*:*:*:*:*:*:*:*
Information

Published : 2021-01-21 05:15

Updated : 2022-10-07 02:20

NVD link : CVE-2020-8570

Mitre link : CVE-2020-8570

Products Affected
No products.
CWE
CWE-22