Vulnerabilities > CVE-2021-4178 - Deserialization of Untrusted Data vulnerability in Redhat products

CVSS 6.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

redhat

CWE-502

NVD

Published: 2022-08-24

Updated: 2022-10-04

Summary

A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Fabric8 Kubernetes 5.1.0 Redhat Fabric8 Kubernetes 5.1.1 Redhat Fabric8 Kubernetes 5.2.0 Redhat Fabric8 Kubernetes 5.2.1 Redhat Fabric8 Kubernetes 5.3.0 Redhat Fabric8 Kubernetes 5.3.1 Redhat Fabric8 Kubernetes 5.8.0 Redhat Fabric8 Kubernetes 5.5.0 Redhat Fabric8 Kubernetes 5.6.0 Redhat Fabric8 Kubernetes 5.7.0 Redhat Fabric8 Kubernetes 5.7.1 Redhat Fabric8 Kubernetes 5.7.2 Redhat Fabric8 Kubernetes 5.7.3 Redhat Fabric8 Kubernetes 5.0.0 Redhat Fabric8 Kubernetes 5.0.1 Redhat Fabric8 Kubernetes 5.0.2 Redhat Fabric8 Kubernetes 5.11.0 Redhat Fabric8 Kubernetes 5.11.1 Redhat Fabric8 Kubernetes 5.9.0 Redhat Fabric8 Kubernetes 5.10.0 Redhat Fabric8 Kubernetes 5.10.1 Redhat Process Automation 7.0 Redhat Openshift Application Runtimes - Redhat Descision Manager 7.0 Redhat Integration Camel K - Redhat A MQ Streams 2.0.1 Redhat Fuse 7.11 Redhat Integration Camel Quarkus 2.2.1 Redhat Build OF Quarkus 2.2.5	29

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References