File tree 1 file changed +57
-0
lines changed
1 file changed +57
-0
lines changed Original file line number Diff line number Diff line change 1+ packages :
2+ - module : k8s.io/kubernetes
3+ package : k8s.io/kubernetes/pkg/api/rest
4+ symbols :
5+ - BeforeCreate
6+ versions :
7+ - fixed : 1.1.1
8+ - module : k8s.io/kubernetes
9+ package : k8s.io/kubernetes/pkg/registry/generic/etcd
10+ symbols :
11+ - NamespaceKeyFunc
12+ versions :
13+ - fixed : 1.1.1
14+ - module : k8s.io/kubernetes
15+ package : k8s.io/kubernetes/pkg/storage
16+ symbols :
17+ - NamespaceKeyFunc
18+ - NoNamespaceKeyFunc
19+ versions :
20+ - fixed : 1.1.1
21+ - module : k8s.io/kubernetes
22+ package : k8s.io/kubernetes/pkg/registry/namespace/etcd
23+ symbols :
24+ - NewREST
25+ versions :
26+ - fixed : 1.1.1
27+ - module : k8s.io/kubernetes
28+ package : k8s.io/kubernetes/pkg/registry/node/etcd
29+ symbols :
30+ - NewREST
31+ versions :
32+ - fixed : 1.1.1
33+ - module : k8s.io/kubernetes
34+ package : k8s.io/kubernetes/pkg/registry/persistentvolume/etcd
35+ symbols :
36+ - NewREST
37+ versions :
38+ - fixed : 1.1.1
39+ description : |
40+ Crafted object type names can cause directory traversal in Kubernetes.
41+
42+ Object names are not validated before being passed to etcd. This allows
43+ attackers to write arbitrary files via a crafted object name, hence causing
44+ directory traversal vulnerability in Kubernetes, as used in Red Hat
45+ OpenShift Enterprise 3.0.
46+ published : 2022-02-15T01:57:18Z
47+ last_modified : 2022-04-12T22:38:09Z
48+ cves :
49+ - CVE-2015-5305
50+ ghsas :
51+ - GHSA-jp32-vmm6-3vf5
52+ credit : liggitt (Jordan Liggitt)
53+ links :
54+ pr : https://github.com/kubernetes/kubernetes/pull/16381
55+ commit : https://github.com/kubernetes/kubernetes/commit/37f730f68c7f06e060f90714439bfb0dbb2df5e7
56+ context :
57+ - https://github.com/advisories/GHSA-jp32-vmm6-3vf5
You can’t perform that action at this time.
0 commit comments