Openshift-console: openshift console: path traversal

A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.go#L112 Because of this unsafe filepath construction, an authenticated user can manipulate the path to retrieve any JSON files on the console's pod by using sequences of ../ and valid directory paths.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

对路径名的限制不恰当(路径遍历)

Red Hat OpenShift Console 路径遍历漏洞

Red Hat OpenShift Console是美国红帽（Red Hat）公司的一个 OpenShift 控制台。 Red Hat OpenShift Console存在路径遍历漏洞，该漏洞源于文件路径构造不安全，可能导致经过身份验证的用户通过操纵路径检索控制台上的任意JSON文件。

N/A

N/A