Code exec via yaml parsing
CVE-2021-25738

6.7MEDIUM

Key Information:

Vendor

Kubernetes
Status
Kubernetes Java Client
Vendor
CVE Published:
11 October 2021

What is CVE-2021-25738?

Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution.

Affected Version(s)

Kubernetes Java Client v12.0.0

Kubernetes Java Client <= unspecified

Kubernetes Java Client <= unspecified

References

https://groups.google.com/g/kubernetes-security-announce/...
x_refsource_MISC
https://github.com/kubernetes-client/java/issues/1698
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2022/08/23/2
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jordy Versmissen
.