Base Score

MEDIUM6.7

CVE-2021-4178

A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.

VectorLOCAL

Published Bysecalert@redhat.com

Published DateAug 24, 2022, 16:15

Affected Versions(7)

io.fabric8:kubernetes-client(Maven)

Introduced5.0.0-beta-1

Fixed5.0.3

LimitN/A

io.fabric8:kubernetes-client(Maven)

Introduced5.1.0

Fixed5.1.2

LimitN/A

io.fabric8:kubernetes-client(Maven)

Introduced5.2.0

Fixed5.3.2

LimitN/A

io.fabric8:kubernetes-client(Maven)

Introduced5.5.0

Fixed5.7.4

LimitN/A

io.fabric8:kubernetes-client(Maven)

Introduced5.8.0

Fixed5.8.1

LimitN/A

io.fabric8:kubernetes-client(Maven)

Introduced5.9.0

Fixed5.10.2

LimitN/A

io.fabric8:kubernetes-client(Maven)

Introduced5.11.0

Fixed5.11.2

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
io.fabric8:kubernetes-client(Maven)	5.0.0-beta-1	5.0.3	N/A
io.fabric8:kubernetes-client(Maven)	5.1.0	5.1.2	N/A
io.fabric8:kubernetes-client(Maven)	5.2.0	5.3.2	N/A
io.fabric8:kubernetes-client(Maven)	5.5.0	5.7.4	N/A
io.fabric8:kubernetes-client(Maven)	5.8.0	5.8.1	N/A
io.fabric8:kubernetes-client(Maven)	5.9.0	5.10.2	N/A
io.fabric8:kubernetes-client(Maven)	5.11.0	5.11.2	N/A

Weakness Type (CWE):CWE-502

CVSS Metrics

Base Score

6.7

Vector String

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

Base Score

MEDIUM6.7

Weakness Type (CWE):CWE-502

CVSS Metrics

Base Score

6.7

Vector String

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

CVE-2021-4178

VectorLOCAL

Published Bysecalert@redhat.com

Published DateAug 24, 2022, 16:15

Package (Ecosystem)

Introduced

Fixed

Limit

io.fabric8:kubernetes-client(Maven)

5.0.0-beta-1

5.0.3

N/A

io.fabric8:kubernetes-client(Maven)

5.1.0

5.1.2

N/A

io.fabric8:kubernetes-client(Maven)

5.2.0

5.3.2

N/A

io.fabric8:kubernetes-client(Maven)

5.5.0

5.7.4

N/A

io.fabric8:kubernetes-client(Maven)

5.8.0

5.8.1

N/A

io.fabric8:kubernetes-client(Maven)

5.9.0

5.10.2

N/A

io.fabric8:kubernetes-client(Maven)

5.11.0

5.11.2

N/A