Bug 1273969 (CVE-2015-5305) - CVE-2015-5305 Kubernetes: Missing name validation allows path traversal in etcd
Summary: CVE-2015-5305 Kubernetes: Missing name validation allows path traversal in etcd
Alias: CVE-2015-5305
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Whiteboard: impact=moderate,public=20151027,repor...
Keywords: Security
Depends On: 1273494
Blocks: 1273971
Reported: 2015-10-21 15:32 UTC by Kurt Seifried
Modified: 2019-06-08 20:48 UTC (History)

Kubernetes does not validate the names of some object types before passing them to etcd. Because the etcd key is built directly from the object name, a crafted name (for example one containing "/" or ".." segments) can traverse the key hierarchy and cause writes outside the object's intended path.
Clone Of:
Last Closed: 2015-10-27 20:30:33 UTC


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:1945 normal SHIPPED_LIVE Moderate: kubernetes security update 2015-10-27 22:41:38 UTC

Description Kurt Seifried 2015-10-21 15:32:41 UTC
Jordan Liggitt of Red Hat reports:

No validation is performed on the names of some object types. Because the etcd key is built directly from the object name, this allows path traversal when writing data.

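The key construction the report describes, shown as an added Go example (this is not Kubernetes' own code and not the fix as shipped): a hypothetical etcdKey builder that concatenates the object name into the key the way the unpatched code did, a resolvedKey/escapesPrefix check showing where such a key lands once a hierarchical key space collapses ".." segments (path.Clean is used as the model of that behaviour, which is an assumption), and a validateName function standing in for the missing name validation. The "/registry/secrets" prefix, the DNS-1123-label style pattern and the sample names are all constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"regexp"
	"strings"
)

// etcdKey mirrors the flaw described in the report: the object name is
// concatenated straight into the etcd key with no validation.
// The "/registry/<resource>/<namespace>/<name>" layout is assumed here.
func etcdKey(prefix, namespace, name string) string {
	return prefix + "/" + namespace + "/" + name
}

// resolvedKey models how a hierarchical key space resolves "." and ".."
// segments. path.Clean is used as that model (an assumption, not etcd's
// own code), so "/a/b/../c" resolves to "/a/c".
func resolvedKey(key string) string {
	return path.Clean(key)
}

// escapesPrefix reports whether the resolved key lands outside the
// resource prefix, i.e. whether the name traversed into another subtree.
func escapesPrefix(prefix, key string) bool {
	return !strings.HasPrefix(resolvedKey(key), prefix+"/")
}

// namePattern is a DNS-1123-label style rule (assumed for this example;
// the validators Kubernetes applies differ per resource type). It admits
// no "/" and no ".", and therefore no ".." segment.
var namePattern = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`)

// validateName is the check whose absence the CVE describes: reject any
// name that could change the shape of the key before the key is built.
func validateName(name string) error {
	if name == "" {
		return errors.New("name must not be empty")
	}
	if len(name) > 63 {
		return errors.New("name must be at most 63 characters")
	}
	if !namePattern.MatchString(name) {
		return fmt.Errorf("invalid name %q: must match %s", name, namePattern)
	}
	return nil
}

// safeEtcdKey validates namespace and name first, then builds the key.
func safeEtcdKey(prefix, namespace, name string) (string, error) {
	if err := validateName(namespace); err != nil {
		return "", fmt.Errorf("namespace: %w", err)
	}
	if err := validateName(name); err != nil {
		return "", err
	}
	return etcdKey(prefix, namespace, name), nil
}

func main() {
	const prefix = "/registry/secrets"
	// Constructed inputs: one benign name and one traversal name.
	for _, name := range []string{"db-password", "../../pods/kube-system/escaped"} {
		key := etcdKey(prefix, "default", name)
		fmt.Printf("name=%q\n  raw key:        %s\n  resolves to:    %s\n  escapes prefix: %v\n",
			name, key, resolvedKey(key), escapesPrefix(prefix, key))
		if _, err := safeEtcdKey(prefix, "default", name); err != nil {
			fmt.Printf("  validated build rejected: %v\n", err)
		} else {
			fmt.Println("  validated build accepted")
		}
	}
}
```

The traversal name resolves to a key under /registry/pods rather than /registry/secrets, which is the write-outside-the-intended-path behaviour the report refers to. A name containing a plain "/" (no "..") is also rejected by the pattern, since it would still select a different object path within the same prefix.
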
Comment 1 Kurt Seifried 2015-10-21 15:35:22 UTC

This issue was discovered by Jordan Liggitt of Red Hat.

Comment 2 errata-xmlrpc 2015-10-27 18:41:56 UTC
This issue has been addressed in the following products:

  RHEL 7 Version of OpenShift Enterprise 3.0

Via RHSA-2015:1945 https://access.redhat.com/errata/RHSA-2015:1945
