A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:redhat:a-mq_streams:2.0.1:*:*:*:*:*:*:*"
],
"vendor_product": "redhat:a-mq_streams",
"extracted_events": [
{
"introduced": "2.0.1"
},
{
"last_affected": "2.0.1"
}
],
"source": "CPE_STRING"
},
{
"vendor_product": "redhat:build_of_quarkus",
"cpes": [
"cpe:2.3:a:redhat:build_of_quarkus:2.2.5:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "2.2.5"
},
{
"last_affected": "2.2.5"
}
],
"source": "CPE_STRING"
},
{
"vendor_product": "redhat:descision_manager",
"cpes": [
"cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"extracted_events": [
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
}
]
},
{
"vendor_product": "redhat:fabric8-kubernetes",
"cpes": [
"cpe:2.3:a:redhat:fabric8-kubernetes:5.0.0:beta1:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"extracted_events": [
{
"introduced": "5.0.0-beta1"
},
{
"last_affected": "5.0.0-beta1"
}
]
},
{
"cpes": [
"cpe:2.3:a:redhat:fuse:7.11:*:*:*:*:*:*:*"
],
"vendor_product": "redhat:fuse",
"extracted_events": [
{
"introduced": "7.11"
},
{
"last_affected": "7.11"
}
],
"source": "CPE_STRING"
},
{
"cpes": [
"cpe:2.3:a:redhat:integration_camel_quarkus:2.2.1:*:*:*:*:*:*:*"
],
"vendor_product": "redhat:integration_camel_quarkus",
"extracted_events": [
{
"introduced": "2.2.1"
},
{
"last_affected": "2.2.1"
}
],
"source": "CPE_STRING"
},
{
"cpes": [
"cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*"
],
"vendor_product": "redhat:process_automation",
"extracted_events": [
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
}
],
"source": "CPE_STRING"
}
]
}{
"cpe": [
"cpe:2.3:a:redhat:fabric8-kubernetes:*:*:*:*:*:*:*:*",
"cpe:2.3:a:redhat:fabric8-kubernetes:5.8.0:*:*:*:*:*:*:*"
],
"source": [
"CPE_RANGE",
"CPE_STRING"
],
"extracted_events": [
{
"introduced": "5.0.1"
},
{
"fixed": "5.0.3"
},
{
"introduced": "5.1.0"
},
{
"fixed": "5.1.2"
},
{
"introduced": "5.2.0"
},
{
"fixed": "5.3.2"
},
{
"introduced": "5.5.0"
},
{
"fixed": "5.7.4"
},
{
"introduced": "5.9.0"
},
{
"fixed": "5.10.2"
},
{
"introduced": "5.11.0"
},
{
"fixed": "5.11.2"
},
{
"introduced": "5.8.0"
},
{
"last_affected": "5.8.0"
}
]
}