Red Hat Bugzilla – Bug 1255120
CVE-2015-5222 OpenShift3: Exec operations should be forbidden to privileged pods such as builder pods
Last modified: 2015-08-20 15:36:57 EDT
Cesar Wong of Red Hat reports:
Exec operations should be forbidden to privileged pods such as builder pods
because they have privileged access to nodes. Currently, you can exec into any
builder pod, getting privileged root access to the node it's running on.
This issue was discovered by Cesar Wong of the Red Hat OpenShift Enterprise Team.
This issue has been addressed in the following products:
RHEL 7 Version of OpenShift Enterprise 3.0
Via RHSA-2015:1650 https://access.redhat.com/errata/RHSA-2015:1650
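The check the report asks for, sketched as an added example (not OpenShift's code and not the fix shipped in RHSA-2015:1650): a hypothetical execAllowed function refuses an exec request when any container in the target pod sets securityContext.privileged, and fails closed when the pod cannot be parsed. The pod JSON samples and all names in the block are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// pod mirrors only the fields this check reads from a pod object.
type pod struct {
	Metadata struct {
		Name string `json:"name"`
	} `json:"metadata"`
	Spec struct {
		Containers []struct {
			Name            string `json:"name"`
			SecurityContext *struct {
				Privileged *bool `json:"privileged"`
			} `json:"securityContext"`
		} `json:"containers"`
	} `json:"spec"`
}

// Constructed sample pods (not taken from the bug report).
const builderPod = `{"metadata":{"name":"app-1-build"},"spec":{"containers":[
  {"name":"sti-build","securityContext":{"privileged":true}}]}}`
const appPod = `{"metadata":{"name":"app-1-x"},"spec":{"containers":[
  {"name":"web","securityContext":{"privileged":false}},{"name":"sidecar"}]}}`

// execAllowed (hypothetical name) returns nil when exec may proceed and an
// error naming the offending container when the pod is privileged.
func execAllowed(podJSON string) error {
	var p pod
	if err := json.Unmarshal([]byte(podJSON), &p); err != nil {
		return fmt.Errorf("deny exec: cannot parse pod: %v", err) // fail closed
	}
	for _, c := range p.Spec.Containers {
		sc := c.SecurityContext
		if sc != nil && sc.Privileged != nil && *sc.Privileged {
			return fmt.Errorf("deny exec into pod %q: container %q is privileged",
				p.Metadata.Name, c.Name)
		}
	}
	return nil
}

func main() {
	fmt.Println("builder pod:", execAllowed(builderPod))
	fmt.Println("app pod:", execAllowed(appPod))
}
```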