CVE-2021-4178 — MEDIUM (6.7)

Q: How severe is CVE-2021-4178?

CVE-2021-4178 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-4178?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Fabric8-Kubernetes, Redhat A-Mq Streams, Redhat Build Of Quarkus, Redhat Descision Manager, Redhat Fuse.

Vulnerability Description

A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Redhat	Fabric8-Kubernetes	>= 5.0.1, < 5.0.3
Redhat	A-Mq Streams	2.0.1
Redhat	Build Of Quarkus	2.2.5
Redhat	Descision Manager	7.0
Redhat	Fuse	7.11
Redhat	Integration Camel K	-
Redhat	Integration Camel Quarkus	2.2.1
Redhat	Openshift Application Runtimes	-
Redhat	Process Automation	7.0

Related Weaknesses (CWE)

CWE-502

References

https://access.redhat.com/security/cve/CVE-2021-4178Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2034388Issue TrackingVendor Advisory
https://github.com/advisories/GHSA-98g7-rxmf-rrxmThird Party Advisory
https://github.com/fabric8io/kubernetes-client/issues/3653Issue TrackingThird Party Advisory
https://access.redhat.com/security/cve/CVE-2021-4178Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2034388Issue TrackingVendor Advisory
https://github.com/advisories/GHSA-98g7-rxmf-rrxmThird Party Advisory
https://github.com/fabric8io/kubernetes-client/issues/3653Issue TrackingThird Party Advisory

FAQ

What is CVE-2021-4178?

CVE-2021-4178 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privile...

How severe is CVE-2021-4178?

CVE-2021-4178 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-4178?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Fabric8-Kubernetes, Redhat A-Mq Streams, Redhat Build Of Quarkus, Redhat Descision Manager, Redhat Fuse.