CVE-2020-8570: Kubernetes Java Client - Path Traversal
Virsec Security Research Lab Vulnerability Analysis
The Virsec Security Research Lab provides timely, relevant analysis about recent and notable security vulnerabilities.
1.1 Vulnerability Summary
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code.
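The crafted-archive write described in the summary, as an added Python example that is not code from this page or from the Kubernetes Java client: it builds a constructed tar archive containing one benign entry and three traversal entries (a leading `../`, a nested `../`, and an absolute path), then extracts it with a containment check that resolves every member against the destination directory before anything is written. The archive contents and the names `build_sample_archive`, `is_within` and `safe_extract` are assumptions made for this illustration; the check itself is the kind of validation a client needs before writing files it receives from a pod it does not trust.

```python
import io
import os
import tarfile
import tempfile


def build_sample_archive() -> bytes:
    """Constructed sample (not from the advisory): a tar stream of the kind a
    malicious pod could return to a client that copies files out of it."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in [
            ("logs/app.log", b"benign content\n"),
            ("../outside.txt", b"escapes via a leading ../\n"),
            ("logs/../../sneaky.txt", b"escapes via a nested ../\n"),
            ("/abs/elsewhere.txt", b"escapes via an absolute member name\n"),
        ]:
            info = tarfile.TarInfo(name)  # name is stored exactly as given
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def is_within(dest: str, member_name: str) -> bool:
    """True only if dest/member_name, after resolving '..' components,
    absolute names and symlinks, still lies inside dest."""
    dest_real = os.path.realpath(dest)
    # os.path.join discards dest when member_name is absolute, so an
    # absolute entry resolves to its own location and fails the check.
    target = os.path.realpath(os.path.join(dest_real, member_name))
    return os.path.commonpath([dest_real, target]) == dest_real


def safe_extract(tar_bytes: bytes, dest: str):
    """Extract regular files and directories from tar_bytes into dest,
    skipping every member whose resolved path leaves dest.
    Returns (extracted_names, rejected_names)."""
    extracted, rejected = [], []
    dest_real = os.path.realpath(dest)
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for member in tar.getmembers():
            if not is_within(dest_real, member.name):
                rejected.append(member.name)
                continue
            out_path = os.path.join(dest_real, member.name)
            if member.isdir():
                os.makedirs(out_path, exist_ok=True)
                extracted.append(member.name)
            elif member.isfile():
                os.makedirs(os.path.dirname(out_path), exist_ok=True)
                with open(out_path, "wb") as fh:
                    fh.write(tar.extractfile(member).read())
                extracted.append(member.name)
            else:
                # Symlinks, hard links and device nodes are never needed for a
                # plain file copy and are the usual way to bypass a lexical
                # path check, so they are refused outright.
                rejected.append(member.name)
    return extracted, rejected


if __name__ == "__main__":
    dest = tempfile.mkdtemp(prefix="pod-copy-")
    ok, bad = safe_extract(build_sample_archive(), dest)
    print("extracted:", ok)
    print("rejected: ", bad)
```

Because the check is done on the fully resolved path rather than on the raw member name, a destination that is itself a symlink, or a name that is only escaping after `..` normalisation, is handled the same way as a plain `../` prefix.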
1.2 CVSS Score
The CVSS base score of this vulnerability has not been disclosed at this time by either NVD or the vendor.
1.3 Affected Version
All versions prior to 9.0.2
1.4 Vulnerability Attribution
This vulnerability was discovered and reported by Kubernetes.
1.5 Risk Impact
Kubernetes is an open-source container-orchestration system for automating computer application deployment, scaling, and management.
Per this website there is widespread adoption of Kubernetes (91%), especially in production environments (75%). Supported by a robust community of contributors, Kubernetes has taken significant market share away from other container management tools such as Docker Swarm and Amazon Elastic Container Service (ECS).
Exploiting this vulnerability can lead to exfiltration of sensitive data via path traversal, putting confidential information across the entire organization's production infrastructure at risk. There are no publicly available exploits.
1.6 Virsec Security Platform (VSP) Support
VSP-Web can detect path traversal attacks and prevent this vulnerability from being exploited.
1.7 Reference Links
- NVD - CVE-2020-8570 (nist.gov)
- CVE-2020-8570: Path Traversal bug in the Java Kubernetes Client · Issue #1491 · kubernetes-client/java · GitHub
- Fwd: [Security Advisory] CVE-2020-8570: Path Traversal bug in the Java Kubernetes Client (google.com)