1915464 – (CVE-2020-8570) CVE-2020-8570 kubernetes-client: Path Traversal bug in the Java kubernetes client

Bug 1915464 (CVE-2020-8570) - CVE-2020-8570 kubernetes-client: Path Traversal bug in the Java kubernetes client

Summary: CVE-2020-8570 kubernetes-client: Path Traversal bug in the Java kubernetes cl...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2020-8570
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1915466
TreeView+	depends on / blocked

Reported:	2021-01-12 17:11 UTC by Pedro Sampaio
Modified:	2024-03-28 05:32 UTC (History)
CC List:	28 users (show)
Fixed In Version:	kubernetes-client 10.0.1, kubernetes-client 9.0.2, kubernetes-client 11.0.0
Clone Of:
Environment:
Last Closed:	2021-02-10 22:09:43 UTC
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2021-01-12 17:11:49 UTC

A security issue was discovered in Kubernetes Java Client that could overwrite files outside of the current directory when copying files from a
Pod.

Upstream issue:

https://github.com/kubernetes-client/java/issues/1491

Comment 3 Product Security DevOps Team 2021-02-10 22:09:43 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-8570

Note You need to log in before you can comment on or make changes to this bug.

2392626744
540513762
aileenc
akoufoud
alazarot
almorale
anstephe
bibryam
chazlett
drieden
etirelli
ganandan
ggaughan
gmalinko
hbraun
ibek
janstey
jochrist
jstastny
jwon
krathod
kverlaen
mnovotny
pantinor
pjindal
rrajasek
rsynek
sdaley