PT-2015-6842 · Red Hat+2 · Red Hat Openshift Enterprise+2
Jordan Liggitt · Published 2015-11-06 · Updated 2023-02-13 · CVE-2015-5305
CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Kubernetes versions prior to the fixed version
Red Hat OpenShift Enterprise version 3.0
Description
A directory traversal issue exists because crafted object type names are not properly handled before they are passed to etcd. The root cause is the lack of validation of object names, and an attacker who exploits it can write to arbitrary files.
Recommendations
For Kubernetes versions prior to the fixed version, consider restricting access to etcd to minimize the risk of exploitation.
For Red Hat OpenShift Enterprise version 3.0, update to a version that includes the fix for this issue.
As a temporary workaround, consider validating object type names before passing them to etcd to prevent directory traversal attacks.
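One way to apply the validation workaround above, as an added example that is not Kubernetes or OpenShift code: each name is checked as a single path segment before it is joined into an etcd key. The `/registry` prefix, the `validateSegment` and `buildKey` helpers, and the sample inputs are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

const etcdPrefix = "/registry" // constructed example root for stored objects (assumption)

// validateSegment rejects any value that could change the directory level of a key.
func validateSegment(s string) error {
	switch {
	case s == "":
		return errors.New("segment is empty")
	case s == "." || s == "..":
		return fmt.Errorf("segment %q is a relative path element", s)
	case strings.ContainsAny(s, "/\\%"):
		return fmt.Errorf("segment %q contains a separator or escape character", s)
	}
	return nil
}

// buildKey (hypothetical helper) joins validated segments under etcdPrefix and
// confirms that normalising the key does not change it or move it off the prefix.
func buildKey(resourceType, namespace, name string) (string, error) {
	for _, seg := range []string{resourceType, namespace, name} {
		if err := validateSegment(seg); err != nil {
			return "", err
		}
	}
	raw := etcdPrefix + "/" + resourceType + "/" + namespace + "/" + name
	key := path.Join(etcdPrefix, resourceType, namespace, name)
	if key != raw || !strings.HasPrefix(key, etcdPrefix+"/") {
		return "", fmt.Errorf("key %q escapes %q", raw, etcdPrefix)
	}
	return key, nil
}

func main() {
	// Constructed inputs: one well-formed request, then names with path elements.
	inputs := [][3]string{{"pods", "default", "web-1"}, {"..", "default", "web-1"},
		{"pods", "default", "../../other"}, {"pods/../..", "default", "web-1"}}
	for _, in := range inputs {
		key, err := buildKey(in[0], in[1], in[2])
		fmt.Printf("%q -> key=%q err=%v\n", in, key, err)
	}
}
```

Validation runs on the object type as well as the namespace and name, since the description identifies the type name as the unvalidated input.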
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Kubernetes
Red Hat Openshift Enterprise
Etcd