Описание
A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.go#L112 Because of this unsafe filepath construction, an authenticated user can manipulate the path to retrieve any JSON files on the console's pod by using sequences of ../ and valid directory paths.
Отчет
Due to the affected endpoint's logic, only files with the .json extension can be accessed, greatly limiting the impact of this vulnerability. No JSON files with a potential security impact could be identified on the console's pod.
Меры по смягчению последствий
Red Hat Product Security does not have any recommended mitigations at this time. Please update to a patched version of the component as soon as it is available.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-console | Affected | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-console | Affected |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS3
Связанные уязвимости
A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.go#L112 Because of this unsafe filepath construction, an authenticated user can manipulate the path to retrieve any JSON files on the console's pod by using sequences of ../ and valid directory paths.
OpenShift Console Has a Path Traversal Vulnerability
EPSS
4.3 Medium
CVSS3