Crafted object type names can cause directory traversal in Kubernetes.
Object names are not validated before being passed to etcd. This allows attackers to write arbitrary files via a crafted object name, hence causing directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0.
{ "imports": [ { "path": "k8s.io/kubernetes/pkg/api/rest", "symbols": [ "BeforeCreate" ] }, { "path": "k8s.io/kubernetes/pkg/registry/generic/etcd", "symbols": [ "NamespaceKeyFunc" ] }, { "path": "k8s.io/kubernetes/pkg/storage", "symbols": [ "NamespaceKeyFunc", "NoNamespaceKeyFunc" ] }, { "path": "k8s.io/kubernetes/pkg/registry/namespace/etcd", "symbols": [ "NewREST" ] }, { "path": "k8s.io/kubernetes/pkg/registry/node/etcd", "symbols": [ "NewREST" ] }, { "path": "k8s.io/kubernetes/pkg/registry/persistentvolume/etcd", "symbols": [ "NewREST" ] } ] }