CVE-2020-8570

Summary

Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code.

Affected Software

VendorProductVersion RangeStatus
KubernetesKubernetes Java Clientall versions prior to 9.0affected
KubernetesKubernetes Java Client9.0 < 9.0.2affected
KubernetesKubernetes Java Client10.0 < 10.0.1affected

Weaknesses

  • CWE-23: CWE-23 Relative Path Traversal

ADP Enrichment

CVE Program Container

Additional References

References