[Bug 1298116] New: kubernetes: Improper admission check control

Wednesday, 13 January 2016

https://bugzilla.redhat.com/show_bug.cgi?id=1298116

            Bug ID: 1298116
           Summary: kubernetes: Improper admission check control
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-team(a)redhat.com
          Reporter: amaris(a)redhat.com
                CC: eparis(a)redhat.com, golang(a)lists.fedoraproject.org,
                    jcajka(a)redhat.com, jchaloup(a)redhat.com,
                    nhorman(a)redhat.com, vbatts(a)redhat.com

It was found that patch will check admission control with an empty object and
if it passes, then will proceed to update the object with the patch. Admission
control plugins don't get a chance to see/validate what is actually going to be
updated. 

CVE request:

http://seclists.org/oss-sec/2016/q1/76

Upstream patch:

https://github.com/deads2k/kubernetes/commit/d1e258afcf837cf70522c2950bb0...

-- 
You are receiving this mail because:
You are on the CC list for the bug.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

[Bug 1298116] New: kubernetes: Improper admission check control