Jordan Liggitt of Red Hat reports:
No validation is performed on the names of some object types. Because the etcd
key is built directly from the object name, this allows path traversal when
This issue was discovered by Jordan Liggitt of Red Hat.
This issue has been addressed in the following products:
RHEL 7 Version of OpenShift Enterprise 3.0
Via RHSA-2015:1945 https://access.redhat.com/errata/RHSA-2015:1945