GO-2022-0701

Source
https://pkg.go.dev/vuln/GO-2022-0701
Import Source
https://vuln.go.dev/ID/GO-2022-0701.json
JSON Data
https://api.test.osv.dev/v1/vulns/GO-2022-0701
Aliases
Published
2022-02-15T01:57:18Z
Modified
2024-07-19T16:04:58Z
Summary
Directory traversal in k8s.io/kubernetes
Details

Crafted object type names can cause directory traversal in Kubernetes.

Object names are not validated before being passed to etcd. This allows attackers to write arbitrary files via a crafted object name, resulting in a directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0.

Database specific
{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2022-0701"
}
References
Credits
    • liggitt (Jordan Liggitt)

Affected packages

Go / k8s.io/kubernetes

Package

Name
k8s.io/kubernetes
Purl
pkg:golang/k8s.io/kubernetes

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.1.1

Ecosystem specific

{
    "imports": [
        {
            "path": "k8s.io/kubernetes/pkg/api/rest",
            "symbols": [
                "BeforeCreate"
            ]
        },
        {
            "path": "k8s.io/kubernetes/pkg/registry/generic/etcd",
            "symbols": [
                "NamespaceKeyFunc"
            ]
        },
        {
            "path": "k8s.io/kubernetes/pkg/api/storage",
            "symbols": [
                "NamespaceKeyFunc",
                "NoNamespaceKeyFunc"
            ]
        },
        {
            "path": "k8s.io/kubernetes/pkg/registry/namespace/etcd",
            "symbols": [
                "NewREST"
            ]
        },
        {
            "path": "k8s.io/kubernetes/pkg/registry/node/etcd",
            "symbols": [
                "NewREST"
            ]
        },
        {
            "path": "k8s.io/kubernetes/pkg/registry/persistentvolume/etcd",
            "symbols": [
                "NewREST"
            ]
        }
    ]
}