Vulnerability Details CVE-2021-20218
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability. This has been fixed in kubernetes-client-4.13.2 kubernetes-client-5.0.2 kubernetes-client-4.11.2 kubernetes-client-4.7.2
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 41.9%
CVSS Severity
CVSS v3 Score 7.4
CVSS v2 Score 5.8
Products affected by CVE-2021-20218
-
cpe:2.3:a:redhat:a-mq_online:-
-
cpe:2.3:a:redhat:build_of_quarkus:-
-
cpe:2.3:a:redhat:codeready_studio:12.0
-
cpe:2.3:a:redhat:descision_manager:7.0
-
cpe:2.3:a:redhat:integration_camel_k:-
-
cpe:2.3:a:redhat:jboss_fuse:7.0.0
-
cpe:2.3:a:redhat:kubernetes-client:4.10.0
-
cpe:2.3:a:redhat:kubernetes-client:4.10.1
-
cpe:2.3:a:redhat:kubernetes-client:4.10.2
-
cpe:2.3:a:redhat:kubernetes-client:4.10.3
-
cpe:2.3:a:redhat:kubernetes-client:4.11.0
-
cpe:2.3:a:redhat:kubernetes-client:4.11.1
-
cpe:2.3:a:redhat:kubernetes-client:4.12.0
-
cpe:2.3:a:redhat:kubernetes-client:4.13.0
-
cpe:2.3:a:redhat:kubernetes-client:4.13.1
-
cpe:2.3:a:redhat:kubernetes-client:4.2.0
-
cpe:2.3:a:redhat:kubernetes-client:4.2.1
-
cpe:2.3:a:redhat:kubernetes-client:4.2.2
-
cpe:2.3:a:redhat:kubernetes-client:4.3.0
-
cpe:2.3:a:redhat:kubernetes-client:4.3.1
-
cpe:2.3:a:redhat:kubernetes-client:4.4.0
-
cpe:2.3:a:redhat:kubernetes-client:4.4.1
-
cpe:2.3:a:redhat:kubernetes-client:4.4.2
-
cpe:2.3:a:redhat:kubernetes-client:4.5.0
-
cpe:2.3:a:redhat:kubernetes-client:4.5.1
-
cpe:2.3:a:redhat:kubernetes-client:4.5.2
-
cpe:2.3:a:redhat:kubernetes-client:4.6.0
-
cpe:2.3:a:redhat:kubernetes-client:4.6.1
-
cpe:2.3:a:redhat:kubernetes-client:4.6.2
-
cpe:2.3:a:redhat:kubernetes-client:4.6.3
-
cpe:2.3:a:redhat:kubernetes-client:4.6.4
-
cpe:2.3:a:redhat:kubernetes-client:4.7.0
-
cpe:2.3:a:redhat:kubernetes-client:4.7.1
-
cpe:2.3:a:redhat:kubernetes-client:4.8.0
-
cpe:2.3:a:redhat:kubernetes-client:4.9.0
-
cpe:2.3:a:redhat:kubernetes-client:4.9.1
-
cpe:2.3:a:redhat:kubernetes-client:4.9.2
-
cpe:2.3:a:redhat:kubernetes-client:5.0.0
-
cpe:2.3:a:redhat:kubernetes-client:5.0.1
-
cpe:2.3:a:redhat:openshift_container_platform:3.11
-
cpe:2.3:a:redhat:process_automation:7.0