Bug 1298128

Summary: openshift-origin: kubernetes: Building configuration to a strategy not allowed by policy
Product: [Other] Security Response Reporter: Adam Mariš <amaris>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED DUPLICATE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abhgupta, dmcphers, eparis, golang-updates, jcajka, jchaloup, jialiu, jokerman, kseifried, lmeyer, mmccomas, nhorman, tiwillia, vbatts
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-01-13 18:39:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1298129, 1298130    
Bug Blocks: 1298133    

Description Adam Mariš 2016-01-13 10:17:04 UTC 
It was found that it is allowed to modify a build to use a restricted strategy so that it escalates privileges when built.

Upstream Bug:

https://github.com/openshift/origin/issues/6556

Upstream patch:

https://github.com/openshift/origin/pull/6576

CVE request:

http://seclists.org/oss-sec/2016/q1/79
Comment 1 Adam Mariš 2016-01-13 10:17:39 UTC 
Created kubernetes tracking bugs for this issue:

Affects: fedora-all [bug 1298129]
Comment 3 Kurt Seifried 2016-01-13 18:39:14 UTC 

*** This bug has been marked as a duplicate of bug 1297916 ***