Description
It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.
A path traversal vulnerability has been identified in the Go os package affecting the Root abstraction, where improper handling of trailing path separators could allow access to the parent directory of a configured root directory. By supplying a filename ending in "../", an attacker may be able to open the immediate parent directory of the intended Root. Although this escape does not allow traversal to higher-level ancestors or direct access to files within the parent directory, it may expose directory metadata or unintended filesystem structure if the application passes untrusted path input to Root.Open.
Statement
Red Hat Product Security classified this issue as Moderate. The flaw exists in a local filesystem abstraction within the Go standard library, but it can also be exploited remotely in applications that accept attacker-controlled path input over a network and pass it to Root.Open without proper validation. The attack complexity is low: exploitation requires only appending "../" to the supplied path. However, the impact is limited. The flaw permits opening only the immediate parent directory, not arbitrary filesystem locations or files contained within that directory, and there is no direct impact on file integrity or application availability. These constraints limit the practical exposure of the issue: it does not permit traversal beyond the parent directory, modification of files, or broader system compromise. It still represents a boundary bypass, however, and may expose unintended filesystem metadata.
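The following Go program is added here as an example; it is not code from the Go project or from Red Hat. It shows the application-side validation the Statement refers to: an untrusted name is checked with filepath.IsLocal before it reaches Root.Open, so "../" and "../data.txt" are rejected before os.Root ever sees them, while in-root names such as "sub/../data.txt" still open normally. It also contains a probe that calls Root.Open("../") directly, as described above, and reports whether the running toolchain still permits the escape. The function names (safeRootName, openUnderRoot, probeParentEscape), the temporary directory layout and the sample file contents are assumptions made for this example; it needs a toolchain that has os.Root (Go 1.24 or later).

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
)

// ErrEscapesRoot is returned for names that must never reach Root.Open,
// including the trailing "../" form described in the advisory.
var ErrEscapesRoot = errors.New("name escapes root")

// safeRootName rejects absolute paths, the empty name, and any name whose
// cleaned form begins with "..". This is an application-side check placed in
// front of os.Root (an assumption of this example); it is not part of os.Root.
func safeRootName(name string) error {
	if !filepath.IsLocal(name) {
		return ErrEscapesRoot
	}
	return nil
}

// openUnderRoot validates name, opens it beneath dir via os.Root and returns
// the file contents. Directories are reported as an error so that a directory
// handle (the parent directory in the vulnerable case) is never returned.
func openUnderRoot(dir, name string) ([]byte, error) {
	if err := safeRootName(name); err != nil {
		return nil, err
	}
	root, err := os.OpenRoot(dir)
	if err != nil {
		return nil, err
	}
	defer root.Close()
	f, err := root.Open(name)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	info, err := f.Stat()
	if err != nil {
		return nil, err
	}
	if info.IsDir() {
		return nil, fmt.Errorf("%s is a directory", name)
	}
	return io.ReadAll(f)
}

// probeParentEscape reports whether this toolchain's os.Root lets
// Root.Open("../") succeed, i.e. whether the escape on this page is present.
// A patched toolchain returns false; the second value is set only when the
// root itself could not be opened.
func probeParentEscape(dir string) (bool, error) {
	root, err := os.OpenRoot(dir)
	if err != nil {
		return false, err
	}
	defer root.Close()
	f, err := root.Open("../")
	if err != nil {
		return false, nil
	}
	f.Close()
	return true, nil
}

func main() {
	// Constructed sample layout: <tmp>/data.txt and an empty <tmp>/sub directory.
	dir, err := os.MkdirTemp("", "rootdemo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	if err := os.Mkdir(filepath.Join(dir, "sub"), 0o700); err != nil {
		panic(err)
	}
	if err := os.WriteFile(filepath.Join(dir, "data.txt"), []byte("hello\n"), 0o600); err != nil {
		panic(err)
	}
	for _, name := range []string{"data.txt", "sub/../data.txt", "../", "../data.txt", "/etc/passwd", "sub"} {
		_, err := openUnderRoot(dir, name)
		fmt.Printf("%-18q -> %v\n", name, err)
	}
	escaped, err := probeParentEscape(dir)
	fmt.Println("Root.Open(\"../\") succeeds on this toolchain:", escaped, err)
}
```

The validation in safeRootName is defense in depth, not a substitute for the fixed Go release: os.Root is meant to enforce the boundary itself, and the probe is the quickest way to confirm whether the toolchain a binary was built with still accepts the trailing "../" form.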
Mitigation
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
Affected Packages
| Platform | Package | State | Errata | Release |
|---|---|---|---|---|
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai/assisted-installer-rhel9 | Fix deferred | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-waiters-rhel9 | Fix deferred | ||
| cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-rhel9 | Fix deferred | ||
| Compliance Operator | compliance/openshift-compliance-operator-bundle | Fix deferred | ||
| Confidential Compute Attestation | build-of-trustee/trustee-rhel9-operator | Fix deferred | ||
| Confidential Compute Attestation | openshift-sandboxed-containers/osc-monitor-rhel9 | Fix deferred | ||
| Cryostat 4 | cryostat/cryostat-storage-rhel9 | Fix deferred | ||
| Custom Metric Autoscaler operator for Red Hat Openshift | custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9 | Fix deferred | ||
| Deployment Validation Operator | dvo/deployment-validation-rhel8-operator | Fix deferred | ||
| ExternalDNS Operator | edo/external-dns-rhel8 | Fix deferred | | |
Additional Information
CVSS3: 5.3 Medium