Описание
Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command.
Ссылки
- Issue Tracking
- Issue Tracking
Уязвимые конфигурации
EPSS
6.1 Medium
CVSS3
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command.
Openshift Enterprise source-to-image vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip)
EPSS
6.1 Medium
CVSS3
6.5 Medium
CVSS3
4.3 Medium
CVSS2