GO-2022-0701
- Source
- https://pkg.go.dev/vuln/GO-2022-0701
- Import Source
- https://vuln.go.dev/ID/GO-2022-0701.json
- JSON Data
- https://api.osv.dev/v1/vulns/GO-2022-0701
- Aliases
-
- CVE-2015-5305
- GHSA-jp32-vmm6-3vf5
- Published
- 2022-02-15T01:57:18Z
- Modified
- 2024-07-19T16:04:58Z
- Summary
- Directory traversal in k8s.io/kubernetes
- Details
-
Crafted object type names can cause directory traversal in Kubernetes.
Object names are not validated before being passed to etcd. This allows attackers to write arbitrary files via a crafted object name, hence causing directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0.
- Database specific
{ "url": "https://pkg.go.dev/vuln/GO-2022-0701", "review_status": "REVIEWED" }- References
- Credits
-
-
- liggitt (Jordan Liggitt)
-
Affected packages
Go / k8s.io/kubernetes
Package
- Name
- k8s.io/kubernetes
- View open source insights on deps.dev
- Purl
- pkg:golang/k8s.io/kubernetes
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.1.1
Ecosystem specific
{
"imports": [
{
"symbols": [
"BeforeCreate"
],
"path": "k8s.io/kubernetes/pkg/api/rest"
},
{
"symbols": [
"NamespaceKeyFunc"
],
"path": "k8s.io/kubernetes/pkg/registry/generic/etcd"
},
{
"symbols": [
"NamespaceKeyFunc",
"NoNamespaceKeyFunc"
],
"path": "k8s.io/kubernetes/pkg/api/storage"
},
{
"symbols": [
"NewREST"
],
"path": "k8s.io/kubernetes/pkg/registry/namespace/etcd"
},
{
"symbols": [
"NewREST"
],
"path": "k8s.io/kubernetes/pkg/registry/node/etcd"
},
{
"symbols": [
"NewREST"
],
"path": "k8s.io/kubernetes/pkg/registry/persistentvolume/etcd"
}
]
}