Red Hat OpenShift Enterprise Directory Traversal Vulnerability

Summary

Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.

Credit:

Details

Vulnerable Systems:
 * Red Hat OpenShift Enterprise 3.0

Kubernetes allows orchestration and control of Docker containers as used in OpenShift Enterprise 3. Kubernetes fails to validate object name types before passing the data to etcd. As the etcd service generates keys based on the object name type, this can lead to a directory path traversal. Before applying this update, make sure all previously released errata relevant to your system have been applied.
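The following Go sketch is an added illustration of this class of bug and is not code from Kubernetes or OpenShift: it contrasts building a storage key from unvalidated name segments with a version that validates each segment and confirms the key stays under its resource directory. The key layout and the names `registryPrefix`, `unsafeKey`, `validSegment` and `safeKey` are assumptions made for the example.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// registryPrefix is a hypothetical root under which all object keys must stay.
const registryPrefix = "/registry"

// unsafeKey joins caller-supplied segments without validation. path.Join
// cleans the result, so a ".." segment silently climbs out of its directory.
func unsafeKey(resource, namespace, name string) string {
	return path.Join(registryPrefix, resource, namespace, name)
}

// validSegment accepts a value only if it can occupy exactly one path element.
func validSegment(s string) error {
	if s == "" || s == "." || s == ".." {
		return fmt.Errorf("segment %q is not allowed", s)
	}
	if strings.ContainsAny(s, "/%\\\x00") {
		return fmt.Errorf("segment %q contains a path metacharacter", s)
	}
	return nil
}

// safeKey validates every segment, then confirms the joined key is still
// inside the expected resource directory as a second, independent check.
func safeKey(resource, namespace, name string) (string, error) {
	for _, s := range []string{resource, namespace, name} {
		if err := validSegment(s); err != nil {
			return "", err
		}
	}
	base := path.Join(registryPrefix, resource) + "/"
	key := path.Join(registryPrefix, resource, namespace, name)
	if !strings.HasPrefix(key, base) {
		return "", fmt.Errorf("key %q escapes %q", key, base)
	}
	return key, nil
}

func main() {
	// Constructed inputs: one ordinary name and two containing dot-dot segments.
	for _, n := range []string{"web-1", "..", "../../services/default/db"} {
		k, err := safeKey("pods", "default", n)
		fmt.Printf("name=%q unsafe=%s safe=%q err=%v\n", n, unsafeKey("pods", "default", n), k, err)
	}
}
```

Rejecting the segment at admission time is the primary control; the prefix check only catches cases the segment rules miss.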

CVE Information:
CVE-2015-5305

Disclosure Timeline:
Original release date: 11/06/2015
Last revised: 11/09/2015
