7.4

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-20218

CVE-2021-20218: Improper Limitation of a Pathname to a Restricted Directory in Fabric8 Kubernetes Client

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client copy command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability. This has been fixed in kubernetes-client-4.13.2 kubernetes-client-5.0.2 kubernetes-client-4.11.2 kubernetes-client-4.7.2

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2021-20218

CVE-2021-20218:

7.4

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
io.fabric8:kubernetes-client	maven	>= 4.2.0, <= 4.7.1	4.7.2
io.fabric8:kubernetes-client	maven	>= 4.8.0, <= 4.11.1	4.11.2
io.fabric8:kubernetes-client	maven	>= 4.12.0, <= 4.13.1	4.13.2
io.fabric8:kubernetes-client	maven	>= 5.0.0, <= 5.0.1	5.0.2

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability manifests in the tar entry processing loop where file paths were constructed directly from untrusted archive entry names. The patch adds normalization via FilenameUtils.normalize() to prevent path traversal. The anonymous Runnable's run() method in PodOperationsImpl contained the unvalidated path construction, making it the vulnerable execution point visible in profilers when extracting malicious archives.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.4

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2021-20218: Improper Limitation of a Pathname to a Restricted Directory in Fabric8 Kubernetes Client

CVE-2021-20218:

7.4

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

7.4

7.4

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2021-20218: Improper Limitation of a Pathname to a Restricted Directory in Fabric8 Kubernetes Client

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI