CVE-2020-8570

CVE-2020-8570: Kubernetes Java client libraries unvalidated path traversal in Copy implementation

Vendor Kubernetes

Product Kubernetes Java Client

Weakness CWE-23

Published January 21, 2021

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code.

Key dates

Disclosure timeline

January 21, 2021 CVE published

September 16, 2024 Record updated

Identifiers

CVE CVE-2020-8570

CWE CWE-23

Affected versions

Vendor Kubernetes

Product Kubernetes Java Client

Affected all versions prior to 9.0

Vendor Kubernetes

Product Kubernetes Java Client

Affected ≥ 9.0 and < 9.0.2

Vendor Kubernetes

Product Kubernetes Java Client

Affected ≥ 10.0 and < 10.0.1