An improper validation of user input flaw was found in the source-to-image component of Openshift. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command.
Openshift Enterprise through version 3.6 has does not properly sanitize archived filenames in source-to-image/pkg/tar/tar.go:ExtractTarStreamFromTarReader(). An attacker can exploit this with a malicous container to overwrite files on client machines when clients use "oc rsync" to connect to that container.
This is a related but separate issue to CVE-2018-1102.
Name: Michael Hanselmann (Independent)
Created source-to-image tracking bugs for this issue:
Affects: fedora-all [bug 1590175]