CVE-2015-5305

Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.

Published: Nov 6, 2015
Updated: May 9, 2024
CVE: CVE-2015-5305
GHSA: GHSA-jp32-vmm6-3vf5
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:N/I:P/A:P

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
redhat / openshift	3.0	3.0.x
github.com/kubernetes/kubernetes	-	1.1.1
k8s.io/kubernetes	-	1.1.1

https://access.redhat.com/errata/RHSA-2015:1945
https://access.redhat.com/security/cve/CVE-2015-5305
https://bugzilla.redhat.com/show_bug.cgi?id=1273969
https://github.com/kubernetes/kubernetes/commit/37f730f68c7f06e060f90714439bfb0dbb2df5e7
https://github.com/kubernetes/kubernetes/commit/68f2add9bd5d43b9da1424d87d88f83d120e17d0
https://github.com/kubernetes/kubernetes/pull/16381
https://pkg.go.dev/vuln/GO-2022-0701
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5305

Vulnerability Database

CVE-2015-5305

Deep Security Visibility Without the Complexity