Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: kubernetes

Published: 2021-01-21T17:09:21.689060Z

Updated: 2024-09-16T22:01:55.884Z

Reserved: 2020-02-03T00:00:00

Link: CVE-2020-8570

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-01-21T17:15:14.327

Modified: 2024-11-21T05:39:03.143

Link: CVE-2020-8570

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-01-12T00:00:00Z

Links: CVE-2020-8570 - Bugzilla