A vulnerability has been discovered in the Kubernetes Java client. An attacker who can get the client to load a specially crafted YAML template can execute malicious code. This topic describes the affected Kubernetes Java client versions and the fixes for the vulnerability.

The Common Vulnerability Scoring System (CVSS) score of this vulnerability is 6.7.

Affected versions

The following Kubernetes Java client versions are affected by this vulnerability:

  • Kubernetes Java client = v12.0.0
  • Kubernetes Java client ≤ v11.0.1
  • Kubernetes Java client ≤ v10.0.1
  • Kubernetes Java client ≤ v9.0.2

The vulnerability is fixed in the following Kubernetes Java client versions (the number after each version is the fix referenced by the upstream project):

  • Kubernetes Java client master: 1676
  • Kubernetes Java client ≥ v12.0.1: 1691
  • Kubernetes Java client ≥ v11.0.2: 1692

No patched release is listed for the v10 and v9 lines. If you use one of those lines, upgrade to v11.0.2 or later, or to v12.0.1 or later.

Fixes

Use a patched Kubernetes Java client version to access your cluster. Until you have upgraded, do not load YAML from untrusted sources with the client, because the crafted YAML is the attack vector. For more information about this vulnerability, see 1698.
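To check whether a project pins an affected client, the version ranges above can be turned into a small audit script. The following is an added example, not code from this page or from the Kubernetes Java client project. It assumes the client is consumed as the Maven artifact io.kubernetes:client-java (or client-java-api), reads a pom.xml, resolves ${property} version references, and classifies each pinned version as affected, fixed, or not covered by the ranges listed above. The pom.xml content is constructed for the example.

```python
"""Audit a Maven pom.xml against the Kubernetes Java client YAML advisory.

Added example: the ranges below are the ones stated in the advisory text;
the Maven coordinates are an assumption about how the client is consumed.
"""
import re
import textwrap
import xml.etree.ElementTree as ET
from typing import List, Tuple

# Assumed Maven coordinates of the Kubernetes Java client.
GROUP_ID = "io.kubernetes"
ARTIFACT_IDS = {"client-java", "client-java-api"}

POM_NS_URI = "http://maven.apache.org/POM/4.0.0"
POM_NS = {"m": POM_NS_URI}


def parse_version(v: str) -> Tuple[int, int, int]:
    """Parse 'v12.0.1' / '12.0.1' / '12.0.1-something' into a comparable tuple."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:[-.].*)?", v.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def classify(version: str) -> str:
    """Return 'affected', 'fixed' or 'unknown' for a client version.

    Affected: == 12.0.0, <= 11.0.1, <= 10.0.1, <= 9.0.2.
    Fixed:    >= 12.0.1, and >= 11.0.2 within the 11.x line.
    Anything else is outside the advisory's stated ranges -> 'unknown'.
    """
    v = parse_version(version)
    major = v[0]
    if v == (12, 0, 0):
        return "affected"
    if v >= (12, 0, 1):
        return "fixed"
    if major == 11:
        return "fixed" if v >= (11, 0, 2) else "affected"
    if major == 10:
        return "affected" if v <= (10, 0, 1) else "unknown"
    if major == 9:
        return "affected" if v <= (9, 0, 2) else "unknown"
    return "unknown"


def pinned_client_versions(pom_xml: str) -> List[Tuple[str, str, str]]:
    """Find client-java dependencies in a pom and classify their pinned versions.

    Covers <dependencies> and <dependencyManagement> (both use <dependency>),
    and resolves ${...} references against <properties>.
    """
    root = ET.fromstring(pom_xml)
    props = {
        p.tag.split("}")[-1]: (p.text or "").strip()
        for p in root.findall("m:properties/*", POM_NS)
    }
    results = []
    for dep in root.iter(f"{{{POM_NS_URI}}}dependency"):
        gid = dep.findtext("m:groupId", default="", namespaces=POM_NS).strip()
        aid = dep.findtext("m:artifactId", default="", namespaces=POM_NS).strip()
        ver = dep.findtext("m:version", default="", namespaces=POM_NS).strip()
        if gid != GROUP_ID or aid not in ARTIFACT_IDS:
            continue
        # Resolve ${property} placeholders; unknown properties are left as-is.
        ver = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), ver)
        status = classify(ver) if ver and not ver.startswith("${") else "unknown"
        results.append((aid, ver, status))
    return results


# Constructed sample pom.xml: one client-java pin via a property, one unrelated dependency.
SAMPLE_POM = textwrap.dedent("""\
    <project xmlns="http://maven.apache.org/POM/4.0.0">
      <modelVersion>4.0.0</modelVersion>
      <groupId>example</groupId>
      <artifactId>k8s-tool</artifactId>
      <version>1.0</version>
      <properties>
        <k8s.client.version>11.0.1</k8s.client.version>
      </properties>
      <dependencies>
        <dependency>
          <groupId>io.kubernetes</groupId>
          <artifactId>client-java</artifactId>
          <version>${k8s.client.version}</version>
        </dependency>
        <dependency>
          <groupId>org.slf4j</groupId>
          <artifactId>slf4j-api</artifactId>
          <version>1.7.36</version>
        </dependency>
      </dependencies>
    </project>
""")


if __name__ == "__main__":
    for artifact, version, status in pinned_client_versions(SAMPLE_POM):
        print(f"{GROUP_ID}:{artifact}:{version} -> {status}")
```

Run the script against a real pom.xml by replacing SAMPLE_POM with the file's contents; a result of "affected" for io.kubernetes:client-java means the pin must be raised to v11.0.2 or v12.0.1 (or later). Versions reported as "unknown" fall outside the ranges the advisory states and should be checked against the upstream fix references rather than assumed safe.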