Kubernetes is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.

Upstream patch:
https://github.com/kubernetes/kubernetes/commit/7fef0a4f6a44ea36f166c39fdade5324eff2dd5e

Upstream issue:
https://github.com/kubernetes/kubernetes/issues/43459

References:
https://snyk.io/vuln/SNYK-GOLANG-K8SIOKUBERNETES-50004
Created kubernetes tracking bugs for this issue:

Affects: fedora-25 [bug 1486337]
OpenShift isn't affected because we use Security Context Constraints (SCC) instead of Pod Security Policy (PSP). PSP support is not imported from upstream. This will only affect OpenShift if we start using PSP. If that becomes the case, it would need to be imported from upstream (where it is fixed).