Bug 2120939

Summary: openshift/router: Improper Input Validation
Product: [Other] Security Response Reporter: Avinash Hanwate <ahanwate>
Component: vulnerability Assignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecified CC: jburrell, mmasters, vkumar
Target Milestone: --- Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2108560    

Description Avinash Hanwate 2022-08-24 05:08:30 UTC
Input validation is performed to ensure only properly formed data is entering the workflow in an information system, preventing malformed data from persisting in the database and triggering malfunction of various downstream components. The checks on inputs that openshift-router performs are not on par with Kubernetes checks for ports, Service names (and additional backend service names). Indeed, the invalid format for those is implicitly detected when ensuring the objects exist in Kubernetes before producing the HAProxy configuration. Relying on such implicit validation is dangerous as it exposes a wider attack surface to invalid inputs.
One way to abuse this lack of explicit validation is to reflect those in the oc command line. When inserting terminal escape sequences, it is indeed possible to manipulate the entire output as viewed by the user. As such, this issue can be considered a new vector for an already known attack: CVE-2021-25743.
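
An added example, not code from openshift/router or from this report: explicit format checks for a backend Service name and a target port, written with the Go standard library only. It assumes the DNS-1035 label rule for Service names and the 1-65535 / IANA service name rules for ports; the function names are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

var (
	// DNS-1035 label: starts with a letter, then [a-z0-9-], ends alphanumeric.
	dns1035 = regexp.MustCompile(`^[a-z]([-a-z0-9]*[a-z0-9])?$`)
	// Named port: [a-z0-9-], no leading or trailing '-'.
	portName = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`)
	digits   = regexp.MustCompile(`^[0-9]+$`)
)

// ValidServiceName explicitly checks a backend Service name (max 63 chars).
// %q escapes control bytes, so the error text is safe to show on a terminal.
func ValidServiceName(name string) error {
	if len(name) > 63 || !dns1035.MatchString(name) {
		return fmt.Errorf("invalid service name %q", name)
	}
	return nil
}

// ValidTargetPort accepts a port number in 1-65535 or a named port of at
// most 15 characters with at least one letter and no "--".
func ValidTargetPort(port string) error {
	if digits.MatchString(port) {
		if n, err := strconv.Atoi(port); err != nil || n < 1 || n > 65535 {
			return fmt.Errorf("port number %q out of range", port)
		}
		return nil
	}
	if len(port) > 15 || !portName.MatchString(port) || strings.Contains(port, "--") ||
		!strings.ContainsAny(port, "abcdefghijklmnopqrstuvwxyz") {
		return fmt.Errorf("invalid port name %q", port)
	}
	return nil
}

func main() {
	// Constructed inputs; two of them carry an ESC (0x1b) control sequence.
	for _, s := range []string{"frontend", "Frontend", "web\x1b[2Jsvc"} {
		fmt.Printf("service %q -> %v\n", s, ValidServiceName(s))
	}
	for _, p := range []string{"8080", "0", "http", "a--b", "\x1b[31m"} {
		fmt.Printf("port %q -> %v\n", p, ValidTargetPort(p))
	}
}
```

Rejecting the value at admission keeps control bytes out of stored objects, so nothing later has to rely on the existence lookup or on the client to neutralise them.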