{
  "threat_severity" : "Moderate",
  "public_date" : "2015-10-27T00:00:00Z",
  "bugzilla" : {
    "description" : "Kubernetes: Missing name validation allows path traversal in etcd",
    "id" : "1273969",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1273969"
  },
  "cvss" : {
    "cvss_base_score" : "4.0",
    "cvss_scoring_vector" : "AV:N/AC:L/Au:S/C:N/I:P/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-22",
  "details" : [ "Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.", "Kubernetes fails to validate object name types before passing the data to etcd. As the etcd service generates keys based on the object name type this can lead to a directory path traversal." ],
  "acknowledgement" : "This issue was discovered by Jordan Liggitt (Red Hat).",
  "affected_release" : [ {
    "product_name" : "Red Hat OpenShift Enterprise 3.0",
    "release_date" : "2015-10-27T00:00:00Z",
    "advisory" : "RHSA-2015:1945",
    "cpe" : "cpe:/a:redhat:openshift:3.0::el7",
    "package" : "openshift-0:3.0.2.0-0.git.20.656dc3e.el7ose"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-5305\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5305" ],
  "name" : "CVE-2015-5305",
  "csaw" : false
}