Back to bug 1297916
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Kurt Seifried | 2016-01-12 18:43:42 UTC | Depends On | 1297917 | |
| Kurt Seifried | 2016-01-12 18:43:48 UTC | Depends On | 1297918 | |
| Kurt Seifried | 2016-01-12 18:49:08 UTC | Blocks | 1297922 | |
| Salvatore Bonaccorso | 2016-01-12 20:32:44 UTC | CC | carnil | |
| Kurt Seifried | 2016-01-13 18:39:14 UTC | Blocks | 1298133 | |
| Kurt Seifried | 2016-01-13 18:39:14 UTC | CC | amaris | |
| Kurt Seifried | 2016-01-13 18:41:32 UTC | Whiteboard | impact=moderate,public=20160106,reported=20160106,source=internet,cvss2=4.6/AV:N/AC:H/Au:S/C:P/I:P/A:P,cwe=CWE-285,openshift-enterprise-3/Security=affected | impact=moderate,public=20160106,reported=20160106,source=internet,cvss2=4.6/AV:N/AC:H/Au:S/C:P/I:P/A:P,cwe=CWE-285,openshift-enterprise-3/Security=affected,rhel-7/kubernetes=new,fedora-all/kubernetes=affected |
| Kurt Seifried | 2016-01-15 04:39:36 UTC | Alias | CVE-2016-1906 | |
| Kurt Seifried | 2016-01-15 04:39:42 UTC | Summary | Kubernetes api server: build config to a strategy that isn't allowed by policy | CVE-2016-1906 Kubernetes api server: build config to a strategy that isn't allowed by policy |
| Kurt Seifried | 2016-01-15 20:51:47 UTC | Doc Text | It was discovered that Kubernetes did not properly check user permissions when handling certain strategies in build configuration. An attacker can create build configurations with strategies that violate policy, and although the attacker cannot launch the build themselves (this will fail due to the policy being violated) if these build configuration files are later launched by other privileged services (such as automated triggers) the privileges allowed for the user may be bypassed allowing escalation by an attacker. | |
| Summer Long | 2016-01-18 01:19:19 UTC | CC | slong | |
| Summer Long | 2016-01-18 01:19:19 UTC | Doc Text | It was discovered that Kubernetes did not properly check user permissions when handling certain strategies in build configuration. An attacker can create build configurations with strategies that violate policy, and although the attacker cannot launch the build themselves (this will fail due to the policy being violated) if these build configuration files are later launched by other privileged services (such as automated triggers) the privileges allowed for the user may be bypassed allowing escalation by an attacker. | An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain build-configuration strategies. A remote attacker could create build configurations with strategies that violate policy. Although the attacker could not launch the build themselves (launch fails when the policy is violated), if the build configuration files were later launched by other privileged services (such as automated triggers), user privileges could be bypassed allowing attacker escalation. |
| Kurt Seifried | 2016-03-22 04:37:12 UTC | Status | NEW | CLOSED |
| Kurt Seifried | 2016-03-22 04:37:12 UTC | Resolution | --- | ERRATA |
| Kurt Seifried | 2016-03-22 04:37:12 UTC | Last Closed | 2016-03-22 00:37:12 UTC | |
| Adam Mariš | 2016-07-26 07:52:48 UTC | Flags | needinfo?(kseifried) | |
| Kurt Seifried | 2016-07-30 03:32:20 UTC | Whiteboard | impact=moderate,public=20160106,reported=20160106,source=internet,cvss2=4.6/AV:N/AC:H/Au:S/C:P/I:P/A:P,cwe=CWE-285,openshift-enterprise-3/Security=affected,rhel-7/kubernetes=new,fedora-all/kubernetes=affected | impact=moderate,public=20160106,reported=20160106,source=internet,cvss2=4.6/AV:N/AC:H/Au:S/C:P/I:P/A:P,cwe=CWE-285,openshift-enterprise-3/Security=affected,rhel-7/kubernetes=affected,fedora-all/kubernetes=affected |
| Kurt Seifried | 2016-07-30 03:32:20 UTC | Flags | needinfo?(kseifried) | |
| Adam Mariš | 2016-11-08 16:08:56 UTC | CC | amaris | |
| Cedric Buissart | 2018-04-10 12:44:15 UTC | CC | jchaloup | |
| Cedric Buissart | 2018-04-10 12:44:15 UTC | Whiteboard | impact=moderate,public=20160106,reported=20160106,source=internet,cvss2=4.6/AV:N/AC:H/Au:S/C:P/I:P/A:P,cwe=CWE-285,openshift-enterprise-3/Security=affected,rhel-7/kubernetes=affected,fedora-all/kubernetes=affected | impact=moderate,public=20160106,reported=20160106,source=internet,cvss2=4.6/AV:N/AC:H/Au:S/C:P/I:P/A:P,cwe=CWE-285,openshift-enterprise-3/Security=affected,rhel-7/kubernetes=wontfix,fedora-all/kubernetes=affected |
| Product Security DevOps Team | 2019-09-29 13:41:49 UTC | Whiteboard | impact=moderate,public=20160106,reported=20160106,source=internet,cvss2=4.6/AV:N/AC:H/Au:S/C:P/I:P/A:P,cwe=CWE-285,openshift-enterprise-3/Security=affected,rhel-7/kubernetes=wontfix,fedora-all/kubernetes=affected | |