What is CVE-2021-20218?

CVE-2021-20218 is a high-severity vulnerability in Redhat A-mq_online, classified under Path Traversal. CVSS score: 7.4/10. Published 2021-03-16.

How severe is CVE-2021-20218?

High severity. CVSS v3 base score is 7.4 out of 10.

Path Traversal in Redhat A-mq_online

CVE-2021-20218

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. Th…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.013 (66.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.4 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H.

Affected products

Redhat A-mq_online
Redhat Build_of_quarkus
Redhat Codeready_studio — versions 12.0
Redhat Descision_manager — versions 7.0
Redhat Integration_camel_k
Redhat Jboss_fuse — versions 7.0.0
Redhat Kubernetes-client
Redhat Openshift_container_platform — versions 3.11
Redhat Process_automation — versions 7.0
N/a Fabric8-kubernetes-client — versions kubernetes-client-4.2.0 and after

Weakness classification (CWE)

CWE-22 — Path Traversal

References

secalert@redhat.com (x_refsource_MISC, Issue Tracking, Vendor Advisory)
secalert@redhat.com (Patch, Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2021-20218?: CVE-2021-20218 is a high-severity vulnerability in Redhat A-mq_online, classified under Path Traversal. CVSS score: 7.4/10. Published 2021-03-16.
How severe is CVE-2021-20218?: High severity. CVSS v3 base score is 7.4 out of 10.