QwikSec

Security Database

CVE

CWE

Training

CVE-2020-8570

Published: Jan 21, 2021

Modified: Sep 16, 2024

PUBLISHED

Description

Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code.

Vendor	Product	Versions
Kubernetes	Kubernetes Java Client	affected `all versions prior to 9.0` affected `9.0 - < 9.0.2` affected `10.0 - < 10.0.1`

Weaknesses (CWE)

References

https://groups.google.com/g/kubernetes-security-announce/c/sd5h73sFPrg

x_refsource_MISC

https://github.com/kubernetes-client/java/issues/1491

x_refsource_MISC

[druid-commits] 20210201 [GitHub] [druid] jon-wei opened a new pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554

mailing-list

x_refsource_MLIST

[druid-commits] 20210202 [GitHub] [druid] jon-wei opened a new pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554

mailing-list

x_refsource_MLIST

[druid-commits] 20210203 [GitHub] [druid] jihoonson commented on pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554

mailing-list

x_refsource_MLIST

[druid-commits] 20210203 [GitHub] [druid] jihoonson merged pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.