Red Hat Bugzilla – Bug 1316127
CVE-2016-2160 Privilege escalation when changing root password in sti builder image
Last modified: 2016-05-12 12:47:18 EDT
It was reported that by creating a new image with the root password changed and using it as an sti builder image, attackers are able to gain root in it. Overriding builder image scripts (e.g. assemble) can help the attackers to access the pod and/or perform remote command execution in it.
Product bugs (contain reproducer):
This issue has been addressed in the following products:
Red Hat OpenShift Enterprise 3.2
Via RHSA-2016:1064 https://access.redhat.com/errata/RHSA-2016:1064