CVE-2020-8570: Path Traversal bug in the Java Kubernetes Client · Issue #1491 · kubernetes-client/java

Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code.

#java #kubernetes

There is a defect in the copy implementation in Copy.java that was fixed in #1450.

The summary of the issue is that if you copy a file from a malicious pod with a specially crafted tarball, it may extract to any file that your user has permission to write.

This issue was fixed in releases 9.0.2, 10.0.1 and 11.0.0; users are strongly encouraged to upgrade to those versions.
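The class of bug described above is a "tar slip": the client receives an archive streamed from the pod and joins each member name onto the destination directory without checking where the result lands, so a name such as `../../escaped.txt` writes outside the copy target. The example below is added here to illustrate that failure and its fix; it is not code from the Kubernetes Java client or from the linked issue and PR, and it is written in Python rather than Java so the two extraction paths can be run side by side. The archive contents are constructed test data, the `extract_naive`/`extract_safe`/`safe_target` names are this example's own, and the check used is the general one: resolve the candidate path and refuse it unless it stays under the resolved destination.

```python
import io
import os
import shutil
import tarfile
import tempfile
from pathlib import Path


def build_tar(entries):
    """Build an in-memory tar from {name: bytes}. Constructed test data:
    this stands in for the archive a compromised pod streams back to the client."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in entries.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def extract_naive(archive, dest):
    """Vulnerable pattern: joins the member name onto dest without checking
    where the result lands, so '../' (or an absolute name) escapes dest."""
    written = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            target = os.path.join(dest, member.name)  # no validation at all
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as f:
                f.write(tar.extractfile(member).read())
            written.append(os.path.realpath(target))
    return written


def safe_target(dest, name):
    """Resolve name against dest and refuse anything that lands outside it.
    Catches '../' components, absolute names, and 'sub/../../x' alike."""
    dest_real = Path(dest).resolve()
    target = (dest_real / name).resolve()
    if target != dest_real and dest_real not in target.parents:
        raise ValueError(f"archive entry escapes destination: {name!r}")
    return target


def extract_safe(archive, dest):
    """Hardened extraction: validate every member before writing anything,
    and refuse link members, which could redirect a later write elsewhere."""
    written = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        members = tar.getmembers()
        for member in members:
            if member.issym() or member.islnk():
                raise ValueError(f"refusing link member: {member.name!r}")
            safe_target(dest, member.name)  # fail closed before the first write
        for member in members:
            if not member.isfile():
                continue
            target = safe_target(dest, member.name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(tar.extractfile(member).read())
            written.append(str(target))
    return written


def demo():
    """Run both extractors on a crafted archive inside a throwaway directory."""
    malicious = build_tar({
        "../../escaped.txt": b"pwned\n",      # traversal entry (constructed)
        "app/config.yaml": b"replicas: 1\n",  # benign entry for contrast
    })
    benign = build_tar({"app/config.yaml": b"replicas: 1\n"})
    root = tempfile.mkdtemp()
    try:
        dest = os.path.join(root, "copy", "out")
        os.makedirs(dest)
        dest_real = os.path.realpath(dest) + os.sep
        naive = extract_naive(malicious, dest)
        escaped = [p for p in naive if not p.startswith(dest_real)]
        try:
            extract_safe(malicious, dest)
            rejected = False
        except ValueError:
            rejected = True
        ok = extract_safe(benign, dest)
        return {
            "naive_escaped": [os.path.relpath(p, os.path.realpath(root)) for p in escaped],
            "safe_rejected": rejected,
            "benign_extracted": len(ok),
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

Two details matter in the hardened path: the check is done on the resolved path rather than by string-matching `..`, so encoded or nested variants are caught the same way, and every member is validated before the first byte is written, so a hostile archive cannot leave a partially extracted tree behind. Link members are refused outright because a symlink created by an early entry can turn a later, path-valid write into a write somewhere else.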
