{"containers":{"cna":{"affected":[{"product":"Kubernetes Java Client","vendor":"Kubernetes","versions":[{"status":"affected","version":"all versions prior to 9.0"},{"lessThan":"9.0.2","status":"affected","version":"9.0","versionType":"custom"},{"lessThan":"10.0.1","status":"affected","version":"10.0","versionType":"custom"}]}],"credits":[{"lang":"en","value":"Discovered via CodeQL automated scanning on GitHub"}],"datePublic":"2021-01-11T00:00:00.000Z","descriptions":[{"lang":"en","value":"Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-23","description":"CWE-23 Relative Path Traversal","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2021-02-04T00:06:10.000Z","orgId":"a6081bf6-c852-4425-ad4f-a67919267565","shortName":"kubernetes"},"references":[{"tags":["x_refsource_MISC"],"url":"https://groups.google.com/g/kubernetes-security-announce/c/sd5h73sFPrg"},{"tags":["x_refsource_MISC"],"url":"https://github.com/kubernetes-client/java/issues/1491"},{"name":"[druid-commits] 20210201 [GitHub] [druid] jon-wei opened a new pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rcafa485d63550657f068775801aeb706b7a07140a8ebbdef822b3bb3%40%3Ccommits.druid.apache.org%3E"},{"name":"[druid-commits] 20210202 [GitHub] [druid] jon-wei opened a new pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r0c76b3d0be348f788cd947054141de0229af00c540564711e828fd40%40%3Ccommits.druid.apache.org%3E"},{"name":"[druid-commits] 20210203 [GitHub] [druid] jihoonson commented on pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rdb223e1b82e3d7d8e4eaddce8dd1ab87252e3935cc41c859f49767b6%40%3Ccommits.druid.apache.org%3E"},{"name":"[druid-commits] 20210203 [GitHub] [druid] jihoonson merged pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r1975078e44d96f2a199aa90aa874b57a202eaf7f25f2fde6d1c44942%40%3Ccommits.druid.apache.org%3E"}],"solutions":[{"lang":"en","value":"Upgrade to 9.0.2, 10.0.1 or 11.0.0 versions of the library."}],"source":{"defect":["https://github.com/kubernetes-client/java/issues/1491"],"discovery":"UNKNOWN"},"title":"Kubernetes Java client libraries unvalidated path traversal in Copy implementation","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@kubernetes.io","DATE_PUBLIC":"2021-01-11T23:15:00.000Z","ID":"CVE-2020-8570","STATE":"PUBLIC","TITLE":"Kubernetes Java client libraries unvalidated path traversal in Copy implementation"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Kubernetes Java Client","version":{"version_data":[{"version_affected":"<","version_name":"9.0","version_value":"9.0.2"},{"version_affected":"<","version_name":"10.0","version_value":"10.0.1"},{"version_value":"all versions prior to 9.0"}]}}]},"vendor_name":"Kubernetes"}]}},"credit":[{"lang":"eng","value":"Discovered via CodeQL automated scanning on GitHub"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code."}]},"generator":{"engine":"Vulnogram 0.0.9"},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-23 Relative Path Traversal"}]}]},"references":{"reference_data":[{"name":"https://groups.google.com/g/kubernetes-security-announce/c/sd5h73sFPrg","refsource":"MISC","url":"https://groups.google.com/g/kubernetes-security-announce/c/sd5h73sFPrg"},{"name":"https://github.com/kubernetes-client/java/issues/1491","refsource":"MISC","url":"https://github.com/kubernetes-client/java/issues/1491"},{"name":"[druid-commits] 20210201 [GitHub] [druid] jon-wei opened a new pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rcafa485d63550657f068775801aeb706b7a07140a8ebbdef822b3bb3@%3Ccommits.druid.apache.org%3E"},{"name":"[druid-commits] 20210202 [GitHub] [druid] jon-wei opened a new pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r0c76b3d0be348f788cd947054141de0229af00c540564711e828fd40@%3Ccommits.druid.apache.org%3E"},{"name":"[druid-commits] 20210203 [GitHub] [druid] jihoonson commented on pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rdb223e1b82e3d7d8e4eaddce8dd1ab87252e3935cc41c859f49767b6@%3Ccommits.druid.apache.org%3E"},{"name":"[druid-commits] 20210203 [GitHub] [druid] jihoonson merged pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r1975078e44d96f2a199aa90aa874b57a202eaf7f25f2fde6d1c44942@%3Ccommits.druid.apache.org%3E"}]},"solution":[{"lang":"en","value":"Upgrade to 9.0.2, 10.0.1 or 11.0.0 versions of the library."}],"source":{"defect":["https://github.com/kubernetes-client/java/issues/1491"],"discovery":"UNKNOWN"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T10:03:46.133Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://groups.google.com/g/kubernetes-security-announce/c/sd5h73sFPrg"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/kubernetes-client/java/issues/1491"},{"name":"[druid-commits] 20210201 [GitHub] [druid] jon-wei opened a new pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rcafa485d63550657f068775801aeb706b7a07140a8ebbdef822b3bb3%40%3Ccommits.druid.apache.org%3E"},{"name":"[druid-commits] 20210202 [GitHub] [druid] jon-wei opened a new pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r0c76b3d0be348f788cd947054141de0229af00c540564711e828fd40%40%3Ccommits.druid.apache.org%3E"},{"name":"[druid-commits] 20210203 [GitHub] [druid] jihoonson commented on pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rdb223e1b82e3d7d8e4eaddce8dd1ab87252e3935cc41c859f49767b6%40%3Ccommits.druid.apache.org%3E"},{"name":"[druid-commits] 20210203 [GitHub] [druid] jihoonson merged pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r1975078e44d96f2a199aa90aa874b57a202eaf7f25f2fde6d1c44942%40%3Ccommits.druid.apache.org%3E"}]}]},"cveMetadata":{"assignerOrgId":"a6081bf6-c852-4425-ad4f-a67919267565","assignerShortName":"kubernetes","cveId":"CVE-2020-8570","datePublished":"2021-01-21T17:09:21.689Z","dateReserved":"2020-02-03T00:00:00.000Z","dateUpdated":"2024-09-16T22:01:55.884Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}