CVE-2020-8570
unknown
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
โ
Description
Path Traversal in the Java Kubernetes Client
Predictions
Exploit likelihood
30%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | io.kubernetes:client-java | <9.0.2 | 9.0.2 |
| Maven | io.kubernetes:client-java | >=10.0.0,<10.0.1 | 10.0.1 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2020-8570
- https://github.com/kubernetes-client/java/issues/1491
- https://github.com/kubernetes-client/java/pull/1450
- https://github.com/kubernetes-client/java/commit/858316ae8bc1145005a0310e1f65f95d2389a589
- https://github.com/kubernetes-client/java
- https://groups.google.com/g/kubernetes-security-announce/c/sd5h73sFPrg
- https://lists.apache.org/thread.html/r0c76b3d0be348f788cd947054141de0229af00c540564711e828fd40@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r1975078e44d96f2a199aa90aa874b57a202eaf7f25f2fde6d1c44942@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/rcafa485d63550657f068775801aeb706b7a07140a8ebbdef822b3bb3@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/rdb223e1b82e3d7d8e4eaddce8dd1ab87252e3935cc41c859f49767b6@%3Ccommits.druid.apache.org%3E
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.