A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability. This has been fixed in kubernetes-client-4.13.2 kubernetes-client-5.0.2 kubernetes-client-4.11.2 kubernetes-client-4.7.2
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| redhat | kubernetes-client | 4.2.0 - 4.7.2 | - |
| redhat | kubernetes-client | 4.8.0 - 4.11.2 | - |
| redhat | kubernetes-client |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
12
Affected Products
4
References
redhat / kubernetes-client
| 4.12.0 - 4.13.2 |
| - |
| redhat | kubernetes-client | 5.0.0 - 5.0.2 | - |
| redhat | a-mq_online | - | - |
| redhat | build_of_quarkus | - | - |
| redhat | codeready_studio | - | - |
| redhat | descision_manager | - | - |
| redhat | integration_camel_k | - | - |
| redhat | jboss_fuse | - | - |
| redhat | openshift_container_platform | - | - |
| redhat | process_automation | - | - |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Exploitability
Impact