https://bugzilla.redhat.com/show_bug.cgi?id=1298116
Bug ID: 1298116
Summary: kubernetes: Improper admission check control
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: eparis(a)redhat.com, golang(a)lists.fedoraproject.org,
jcajka(a)redhat.com, jchaloup(a)redhat.com,
nhorman(a)redhat.com, vbatts(a)redhat.com
It was found that patch will check admission control with an empty object and
if it passes, then will proceed to update the object with the patch. Admission
control plugins don't get a chance to see/validate what is actually going to be
updated.
CVE request:
http://seclists.org/oss-sec/2016/q1/76
Upstream patch:
https://github.com/deads2k/kubernetes/commit/d1e258afcf837cf70522c2950bb0...
--
You are receiving this mail because:
You are on the CC list for the bug.