PT-2018-10252 · Red Hat · Openshift Enterprise

Michael Hanselmann

+1

Published 2018-06-12 · Updated 2023-02-06 · CVE-2018-1103

CVSS v3.1 6.5 Medium
Vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Openshift Enterprise source-to-image versions prior to 1.1.10
Description: The issue stems from improper validation of user input and insufficient path sanitization when tar archives are extracted. An archive whose entry names contain relative path components (such as `../`) can cause files to be written or overwritten outside the intended target directory. An attacker could trick a user into running the command that copies files locally from a pod, so that the archive streamed from the pod overwrites files outside the target directory on the user's machine. The CVSS vector reflects this: user interaction is required and the impact is to integrity only.
Recommendations: For versions prior to 1.1.10, update to version 1.1.10 or later, which resolves the issue. As a temporary workaround, restrict the use of the command that copies files locally from a pod, especially from pods whose contents are not trusted, to minimize the risk of exploitation. Until the upgrade is applied, do not feed untrusted archives to the affected github.com/openshift/source-to-image/pkg/tar package, and treat any archive containing relative (`..`) path components as hostile.
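As an added example (not code from this page or from the source-to-image project), the Go program below reproduces the class of bug described above and the check that closes it. An extractor that joins each entry name onto the target directory without validation writes a constructed `../escaped.txt` entry into the parent of the target; the validated variant rejects the entry before touching the filesystem. The archive, the `safeJoin` and `extractTar` functions, and the sandbox layout are all constructed for this illustration and are not the fix shipped in pkg/tar.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// ErrTraversal marks an entry that would resolve outside the target directory.
var ErrTraversal = errors.New("tar entry escapes target directory")

// safeJoin is the check the unsafe extractor below lacks: it rejects absolute
// names and any name whose cleaned form climbs above dest.
func safeJoin(dest, name string) (string, error) {
	if filepath.IsAbs(name) {
		return "", ErrTraversal
	}
	target := filepath.Join(dest, name) // Join cleans "a/../../x" to "../x"
	rel, err := filepath.Rel(dest, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	return target, nil
}

// extractTar unpacks r into dest and returns the paths it wrote. validate=false
// reproduces the unsafe pattern (plain Join of the entry name); validate=true runs every name through safeJoin first.
func extractTar(r io.Reader, dest string, validate bool) ([]string, error) {
	var written []string
	tr := tar.NewReader(r)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return written, nil
		}
		if err != nil {
			return written, err
		}
		target := filepath.Join(dest, hdr.Name) // unsafe: "../x" walks out of dest
		if validate {
			if target, err = safeJoin(dest, hdr.Name); err != nil {
				return written, fmt.Errorf("%s: %w", hdr.Name, err)
			}
		}
		if hdr.Typeflag != tar.TypeReg {
			continue // regular files are enough to show the problem
		}
		if err = os.MkdirAll(filepath.Dir(target), 0o755); err != nil {
			return written, err
		}
		f, err := os.OpenFile(target, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.FileMode(hdr.Mode)&0o777)
		if err != nil {
			return written, err
		}
		_, err = io.Copy(f, tr)
		f.Close()
		if err != nil {
			return written, err
		}
		written = append(written, target)
	}
}

// buildArchive returns an in-memory tar, constructed for this example: one benign
// file and one entry whose name climbs out of the target directory.
func buildArchive() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, name := range []string{"app/hello.txt", "../escaped.txt"} {
		tw.WriteHeader(&tar.Header{Name: name, Typeflag: tar.TypeReg, Mode: 0o644, Size: 6})
		tw.Write([]byte("hello\n")) // 6 bytes, matching Size
	}
	tw.Close()
	return buf.Bytes()
}

// tryExtract extracts the archive into <sandbox>/target and reports whether
// escaped.txt landed in the sandbox root, i.e. outside the target directory.
func tryExtract(validate bool) (bool, error) {
	sandbox, err := os.MkdirTemp("", "s2i-traversal-*")
	if err != nil {
		return false, err
	}
	defer os.RemoveAll(sandbox)
	dest := filepath.Join(sandbox, "target")
	_, err = extractTar(bytes.NewReader(buildArchive()), dest, validate)
	_, statErr := os.Stat(filepath.Join(sandbox, "escaped.txt"))
	return statErr == nil, err
}

func main() {
	fmt.Println(tryExtract(false)) // unsafe run: true <nil>
	fmt.Println(tryExtract(true))  // validated run: false plus the traversal error
}
```

Run with `go run`: the first line shows the unsafe extractor placing the file outside the target directory, the second shows the validated extractor rejecting the entry. The check is lexical only and covers entry names; symlink and hard-link entries need the same validation of their link targets, since a link that points outside the target lets a later entry write through it. On Go 1.20 or later, `filepath.IsLocal` provides the same lexical test from the standard library.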

Fix · RCE · Path traversal

Weakness Enumeration

Related Identifiers

CVE-2018-1103
GHSA-W55J-F7VX-6Q37
GO-2020-0026

Affected Products

Openshift Enterprise