2120939 – openshift/router: Improper Input Validation

Bug 2120939 - openshift/router: Improper Input Validation

Summary: openshift/router: Improper Input Validation

Keywords:
Status:	NEW
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2108560
TreeView+	depends on / blocked

Reported:	2022-08-24 05:08 UTC by Avinash Hanwate
Modified:	2023-07-07 08:28 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Avinash Hanwate 2022-08-24 05:08:30 UTC

Input validation is performed to ensure only properly formed data is entering the workflow in an information system, preventing malformed data from persisting in the database and triggering malfunction of various downstream components. The checks on inputs openshift-router perform are not on par with Kubernetes checks for ports, Service names (and additional backend service names). Indeed, the invalid format for those is implicitly detected when ensuring the objects exist in Kubernetes before producing the Haproxy configuration. Relying on such implicit validation is dangerous as it exposes a wider attack surface to invalid inputs.
One way to abuse this lack of explicit validation is to reflect those in the oc command line. When inserting terminal escape sequences, it is indeed possible to manipulate the entire output as viewed by the user. As such, this issue can be considered a new vector for an already known attack: CVE-2021-25743.

Note You need to log in before you can comment on or make changes to this bug.