Lucene search

K

GitHub Advisory DatabaseGHSA-JP32-VMM6-3VF5

HistoryFeb 15, 2022 - 1:57 a.m.

Directory Traversal in Kubernetes

2022-02-1501:57:18

CWE-22

GitHub Advisory Database

github.com

11

kubernetes

red hat openshift

directory traversal

security vulnerability

etcd

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

EPSS

0.001

Percentile

41.5%

Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.

Affected configurations

Vulners

Node

k8s.iokubernetesRange<1.1.1

OR

kuberneteskubernetesRange<1.1.1

VendorProductVersionCPE
k8s.iokubernetes*cpe:2.3:a:k8s.io:kubernetes:*:*:*:*:*:*:*:*
kuberneteskubernetes*cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*

References

access.redhat.com/errata/RHSA-2015:1945

access.redhat.com/security/cve/CVE-2015-5305

bugzilla.redhat.com/show_bug.cgi?id=1273969

github.com/advisories/GHSA-jp32-vmm6-3vf5

github.com/kubernetes/kubernetes/commit/37f730f68c7f06e060f90714439bfb0dbb2df5e7

github.com/kubernetes/kubernetes/commit/68f2add9bd5d43b9da1424d87d88f83d120e17d0

github.com/kubernetes/kubernetes/pull/16381

nvd.nist.gov/vuln/detail/CVE-2015-5305

pkg.go.dev/vuln/GO-2022-0701

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5305

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

EPSS

0.001

Percentile

41.5%

Related for GHSA-JP32-VMM6-3VF5

osv2 nvd1 veracode2 cve1 debiancve1 redhat1 cvelist1 prion1 nessus1