CVE-2015-5305: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

February 15, 2022 (updated April 12, 2022)

Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.

References

access.redhat.com/errata/RHSA-2015:1945
bugzilla.redhat.com/show_bug.cgi?id=1273969
github.com/advisories/GHSA-jp32-vmm6-3vf5
github.com/kubernetes/kubernetes/commit/68f2add9bd5d43b9da1424d87d88f83d120e17d0
nvd.nist.gov/vuln/detail/CVE-2015-5305
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5305

Detect and mitigate CVE-2015-5305 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →