Back to bug 2042418
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Guilherme de Almeida Suckevicz | 2022-01-19 13:49:44 UTC | Depends On | 2042419 | |
| Guilherme de Almeida Suckevicz | 2022-01-19 13:49:49 UTC | Blocks | 2042420 | |
| Przemyslaw Roguski | 2022-01-21 13:49:00 UTC | CC | aos-apiserver-staff, joelsmith, lhinds, mfojtik, sttts, xxia | |
| Przemyslaw Roguski | 2022-01-21 14:09:48 UTC | CC | maszulik | |
| Przemyslaw Roguski | 2022-01-21 14:14:35 UTC | CC | gparvin, jramanat, njean, pahickey, stcannon | |
| Przemyslaw Roguski | 2022-01-21 14:16:01 UTC | CC | admiller, zebob.m | |
| Przemyslaw Roguski | 2022-01-21 14:17:14 UTC | Depends On | 2043564, 2043565, 2043563 | |
| Przemyslaw Roguski | 2022-01-21 14:22:40 UTC | Doc Text | An improper input validation vulnerability was discovered in Kubernetes. In Kubernetes and OpenShift Container Platform, terminal escape sequence characters are not sanitized in various object free text fields. An authenticated user could exploit this by including escape sequence characters in free text fields that are later display by the `kubectl` or `oc` binaries. This allows for spoofing and obscuring `kubectl` output. | |
| Przemyslaw Roguski | 2022-01-21 14:28:54 UTC | Depends On | 2043570, 2043569, 2043571 | |
| RaTasha Tillery-Smith | 2022-01-21 18:08:20 UTC | Doc Text | An improper input validation vulnerability was discovered in Kubernetes. In Kubernetes and OpenShift Container Platform, terminal escape sequence characters are not sanitized in various object free text fields. An authenticated user could exploit this by including escape sequence characters in free text fields that are later display by the `kubectl` or `oc` binaries. This allows for spoofing and obscuring `kubectl` output. | An improper input validation vulnerability was discovered in Kubernetes. In Kubernetes and the OpenShift Container Platform, terminal escape sequence characters are not sanitized in various object-free text fields. This flaw allows an authenticated user to include escape sequence characters in free text fields that are later displayed by the `kubectl` or `oc` binaries. This issue allows spoofing and obscuring `kubectl` output. |
| Florencio Cano | 2022-01-24 14:20:56 UTC | Depends On | 2044401 | |
| Florencio Cano | 2022-01-24 14:21:47 UTC | CC | rfreiman | |
| Florencio Cano | 2022-01-24 14:22:21 UTC | Depends On | 2044402 | |
| Borja Tarraso | 2022-01-28 11:43:38 UTC | Depends On | 2047712 | |
| Vipul Nair | 2022-02-22 06:21:35 UTC | Depends On | 2056822, 2056821 | |
| Red Hat Bugzilla | 2022-02-22 06:37:16 UTC | CC | jnakfour | |
| Red Hat Bugzilla | 2022-04-23 04:25:46 UTC | CC | chousekn | |
| Jeff Fearn 🐞 | 2022-05-03 00:25:59 UTC | CC | aos-apiserver-staff | |
| Red Hat Bugzilla | 2022-09-30 18:50:57 UTC | CC | pbhattac | |
| Avinash Hanwate | 2022-11-10 09:08:06 UTC | Doc Text | An improper input validation vulnerability was discovered in Kubernetes. In Kubernetes and the OpenShift Container Platform, terminal escape sequence characters are not sanitized in various object-free text fields. This flaw allows an authenticated user to include escape sequence characters in free text fields that are later displayed by the `kubectl` or `oc` binaries. This issue allows spoofing and obscuring `kubectl` output. | A configuration injection flaw was found in Haproxy. The loose regular expression allows for using special characters that can change the configuration's directive in uncontrolled ways. All changes are limited to the same line. An attacker could leverage this injection to leak limited amounts of information from the environment, Haproxy's internal variables like the current TLS session keys and random, brute force contents in files, and forcefully prevent new changes to the Haproxy generated configuration by breaking it. |
| Avinash Hanwate | 2022-11-10 09:08:06 UTC | CC | adudiak, tfister | |
| Anten Skrabec | 2023-03-13 20:45:15 UTC | Doc Text | A configuration injection flaw was found in Haproxy. The loose regular expression allows for using special characters that can change the configuration's directive in uncontrolled ways. All changes are limited to the same line. An attacker could leverage this injection to leak limited amounts of information from the environment, Haproxy's internal variables like the current TLS session keys and random, brute force contents in files, and forcefully prevent new changes to the Haproxy generated configuration by breaking it. | kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events. |
| Red Hat Bugzilla | 2023-03-29 23:17:19 UTC | CC | lhinds | |
| Red Hat Bugzilla | 2023-04-29 08:27:57 UTC | CC | sttts | |
| Red Hat Bugzilla | 2023-06-08 07:31:01 UTC | CC | stclairt | |
| Red Hat Bugzilla | 2023-07-07 08:31:23 UTC | Assignee | security-response-team | nobody |