CVE-2015-5305
Published: 2015-11-06
Priority: P3 | 35 | medium | 6.4 (CVSS 2.0)
Vector: AV:N / AC:L / Au:N / C:N / I:P / A:P
EPSS: 1.81% (75.9th percentile)
Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | kubernetes | — | — |
| github.com | kubernetes_kubernetes | >= 0 < 1.1.1 | 1.1.1 |
| k8s.io | kubernetes | >= 0 < 1.1.1 | 1.1.1 |
| redhat | openshift | — | — |
CVSS provenance
- nvd: v2.0, 6.4 MEDIUM, AV:N/AC:L/Au:N/C:N/I:P/A:P
- vendor_debian: 6.4 LOW
- vendor_redhat: 6.4 MEDIUM
OSV
Directory Traversal in Kubernetes
osv·2022-02-15
CVE-2015-5305 [MEDIUM] Directory Traversal in Kubernetes
Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.
OSV
Directory traversal in k8s.io/kubernetes
osv·2022-02-15
CVE-2015-5305 Directory traversal in k8s.io/kubernetes
Crafted object type names can cause directory traversal in Kubernetes.
Object names are not validated before being passed to etcd. This allows attackers to write arbitrary files via a crafted object name, resulting in a directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0.
GHSA
Directory Traversal in Kubernetes
ghsa·2022-02-15
CVE-2015-5305 [MEDIUM] CWE-22 Directory Traversal in Kubernetes
Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.
Red Hat
Kubernetes: Missing name validation allows path traversal in etcd
vendor_redhat·2015-10-27·CVSS 6.4
CVE-2015-5305 [MEDIUM] CWE-22 Kubernetes: Missing name validation allows path traversal in etcd
Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.
Kubernetes fails to validate object name types before passing the data to etcd. Because the etcd service generates keys based on the object name type, this can lead to a directory path traversal.
Debian
CVE-2015-5305: kubernetes - Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift En...
vendor_debian·2015·CVSS 6.4
CVE-2015-5305 [MEDIUM] CVE-2015-5305: kubernetes - Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift En...
Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.