It was reported that access to create STI builds is not tightly controlled. An STI build has access to the docker socket, and regular users are allowed to update pods and change the container image. As a result, a regular user can create an STI build and then update its pod to run a malicious image, effectively taking control of the node.

Product bug: https://bugzilla.redhat.com/show_bug.cgi?id=1333057
Acknowledgments: David Eads (Red Hat)
This issue has been addressed in the following products:

Red Hat OpenShift Enterprise 3.2 via RHSA-2016:1094 https://access.redhat.com/errata/RHSA-2016:1094
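To make the risky combination concrete, the following added example (not part of the original report, and not the fix shipped in RHSA-2016:1094) reviews a pod update and denies it when the image changes on a container that mounts the docker socket. It assumes the socket reaches the pod as a `hostPath` volume at `/var/run/docker.sock`; the function names, pod names and registry names are hypothetical.

```python
import copy

# Assumption: the Docker socket reaches the build pod as a hostPath volume.
DOCKER_SOCKET = "/var/run/docker.sock"

def socket_containers(pod):
    """Map name -> image for containers that mount the Docker socket."""
    spec = pod.get("spec", {})
    vols = {v["name"] for v in spec.get("volumes", [])
            if v.get("hostPath", {}).get("path") == DOCKER_SOCKET}
    return {c["name"]: c.get("image") for c in spec.get("containers", [])
            if any(m.get("name") in vols for m in c.get("volumeMounts", []))}

def review_pod_update(old_pod, new_pod):
    """Return reasons to deny an update; an empty list means allow."""
    new_images = {c["name"]: c.get("image")
                  for c in new_pod.get("spec", {}).get("containers", [])}
    # Compare against the OLD pod's socket-mounting containers, so an update
    # cannot slip through by altering the mounts in the same request.
    return [f"{name}: image {image!r} -> {new_images.get(name)!r} "
            f"in a pod that mounts {DOCKER_SOCKET}"
            for name, image in socket_containers(old_pod).items()
            if new_images.get(name) != image]

# Constructed sample data: a build pod and a plain application pod.
BUILD_POD = {"spec": {
    "volumes": [{"name": "docker-socket", "hostPath": {"path": DOCKER_SOCKET}}],
    "containers": [{"name": "sti-build", "image": "registry.example/sti-builder:v1",
                    "volumeMounts": [{"name": "docker-socket",
                                      "mountPath": DOCKER_SOCKET}]}]}}
APP_POD = {"spec": {"containers": [{"name": "web", "image": "registry.example/web:1"}]}}

def with_image(pod, image):
    """Copy of pod with its first container's image replaced."""
    changed = copy.deepcopy(pod)
    changed["spec"]["containers"][0]["image"] = image
    return changed

if __name__ == "__main__":
    for label, pod in (("build pod", BUILD_POD), ("app pod", APP_POD)):
        reasons = review_pod_update(pod, with_image(pod, "registry.example/other:latest"))
        print(label, "DENY" if reasons else "ALLOW", reasons)
```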