Kubernetes fails to validate object name types before passing the data to etcd. As the etcd service generates keys based on the object name type this can lead to a directory path traversal.
Jordan Liggitt of Red Hat reports:
No validation is performed on the names of some object types. Because the etcd
key is built directly from the object name, this allows path traversal when
This issue was discovered by Jordan Liggitt of Red Hat.
This issue has been addressed in the following products:
RHEL 7 Version of OpenShift Enterprise 3.0
Via RHSA-2015:1945 https://access.redhat.com/errata/RHSA-2015:1945