Bug 1297916 (CVE-2016-1906)
Summary: | CVE-2016-1906 Kubernetes api server: build config to a strategy that isn't allowed by policy | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Kurt Seifried <kseifried> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | bleanhar, carnil, ccoleman, dmcphers, jburrell, jchaloup, jialiu, jkeck, jokerman, kseifried, lmeyer, mmccomas, slong |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain build-configuration strategies. A remote attacker could create build configurations with strategies that violate policy. Although the attacker could not launch the build themselves (launch fails when the policy is violated), if the build configuration files were later launched by other privileged services (such as automated triggers), user privileges could be bypassed allowing attacker escalation.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2016-03-22 04:37:12 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1297917, 1297918 | ||
Bug Blocks: | 1297922, 1298133 |
Description
Kurt Seifried
2016-01-12 18:43:02 UTC
*** Bug 1298128 has been marked as a duplicate of this bug. *** This issue has been addressed in the following products: RHEL 7 Version of OpenShift Enterprise 3.1 Via RHSA-2016:0070 https://access.redhat.com/errata/RHSA-2016:0070 This issue has been addressed in the following products: RHEL 7 Version of OpenShift Enterprise 3.0 Via RHSA-2016:0351 https://access.redhat.com/errata/RHSA-2016:0351 |