| Summary: | CVE-2016-1905 Kubernetes api server: patch operation should use patched object to check admission control | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Kurt Seifried <kseifried> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | bleanhar, carnil, ccoleman, dma, dmcphers, jchaloup, jialiu, jkeck, jokerman, kseifried, lmeyer, mmccomas, slong |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to gain additional access to resources such as RAM and disk space.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-03-22 04:37:05 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | 1297917, 1297918 | ||
| Bug Blocks: | 1297922, 1298133 | ||
|
Description
Kurt Seifried
2016-01-12 18:37:03 UTC
Upstream patch: https://github.com/deads2k/kubernetes/commit/d1e258afcf837cf70522c2950bb0aef593da9c3e *** Bug 1298116 has been marked as a duplicate of this bug. *** This issue has been addressed in the following products: RHEL 7 Version of OpenShift Enterprise 3.1 Via RHSA-2016:0070 https://access.redhat.com/errata/RHSA-2016:0070 This issue has been addressed in the following products: RHEL 7 Version of OpenShift Enterprise 3.0 Via RHSA-2016:0351 https://access.redhat.com/errata/RHSA-2016:0351 |