PT-2015-6842 · Red Hat+2 · Red Hat Openshift Enterprise+2
Jordan Liggitt · Published 2015-11-06 · Updated 2023-02-13 · CVE-2015-5305
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Kubernetes versions prior to the fixed version
Red Hat OpenShift Enterprise version 3.0
Description
A directory traversal issue exists because crafted object type names are not validated before they are passed to etcd. An attacker can use such a name to write to arbitrary files.
Recommendations
For Kubernetes versions prior to the fixed version, consider restricting access to etcd to minimize the risk of exploitation.
For Red Hat OpenShift Enterprise version 3.0, update to a version that includes the fix for this issue.
As a temporary workaround, consider validating object type names before passing them to etcd to prevent directory traversal attacks.
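One way to apply the validation workaround above, shown as an added example that is not Kubernetes or OpenShift code: each name is checked as a single path segment before the etcd key is built, and the resulting key is confirmed to stay under its prefix. The `/registry` prefix, the function names and the sample inputs are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

// etcdPrefix is a hypothetical root under which all objects are stored.
const etcdPrefix = "/registry"

var errBadName = errors.New("invalid path segment")

// validateSegment accepts a name only if it is exactly one path segment.
// Rejecting '%' is a conservative choice that also blocks encoded separators.
func validateSegment(s string) error {
	if s == "" || s == "." || s == ".." {
		return fmt.Errorf("%w: %q", errBadName, s)
	}
	if strings.ContainsAny(s, "/\\%\x00") {
		return fmt.Errorf("%w: %q", errBadName, s)
	}
	return nil
}

// objectKey builds the storage key for (objectType, name) after validation.
func objectKey(objectType, name string) (string, error) {
	for _, seg := range []string{objectType, name} {
		if err := validateSegment(seg); err != nil {
			return "", err
		}
	}
	key := path.Join(etcdPrefix, objectType, name)
	// Defense in depth: the cleaned key must still sit below prefix/type/.
	if !strings.HasPrefix(key, etcdPrefix+"/"+objectType+"/") {
		return "", fmt.Errorf("%w: key %q escapes prefix", errBadName, key)
	}
	return key, nil
}

func main() {
	// Constructed sample inputs: one valid type name and three invalid ones.
	for _, t := range []string{"pods", "../../etc", "pods/../secrets", ".."} {
		k, err := objectKey(t, "web-1")
		fmt.Printf("%-18q key=%q err=%v\n", t, k, err)
	}
}
```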
Fix
Path traversal
Weakness Enumeration
Related identifiers
Affected products
Kubernetes
Red Hat Openshift Enterprise
Etcd