oss-sec mailing list archives

Re: CVE request for Kubernetes api server: build config to a strategy that isn't allowed by policy


From: cve-assign () mitre org
Date: Thu, 14 Jan 2016 22:57:20 -0500 (EST)


CVE request (one is the problem, the other the fix):

https://github.com/openshift/origin/issues/6556
https://github.com/openshift/origin/pull/6576

You can modify a build so that it escalates privileges when built. You
can't build it yourself (that fails), but if the imagestream trigger is used
then it would build and you'd have escalated privileges.

pkg/build/admission/admission.go

-  Handler: admission.NewHandler(admission.Create),
+  Handler: admission.NewHandler(admission.Create, admission.Update),
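
Review bot: A regression test is missing for the update path enabled at the `Handler:` line in pkg/build/admission/admission.go: add one that updates an existing build to a strategy the policy denies and expects the request to be rejected. Only the registration line is visible here, so also confirm that the plugin's check does not assume a newly created object when it is invoked for admission.Update.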

Use CVE-2016-1906.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
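The gap described in the message above, as a self-contained Go model added here for illustration (it is not OpenShift code): a policy check that runs only for the operations it is registered for. The types, the function `UpdateRejected` and the strategy names "Source" and "Custom" are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// Operation models the admission.Create / admission.Update values on the page.
type Operation string

const (
	Create Operation = "CREATE"
	Update Operation = "UPDATE"
)

// Build and StrategyPolicy are hypothetical stand-ins, not OpenShift types.
type Build struct{ Strategy string }
type StrategyPolicy struct {
	Handles map[Operation]bool // operations the plugin is registered for
	Allowed map[string]bool    // strategies the user may use (constructed)
}

var ErrForbidden = errors.New("build strategy not allowed by policy")

// Admit checks the strategy only for registered operations; anything else
// passes unchecked, which is the gap the one-line fix closes.
func (p StrategyPolicy) Admit(op Operation, b Build) error {
	if !p.Handles[op] || p.Allowed[b.Strategy] {
		return nil
	}
	return fmt.Errorf("%w: %q", ErrForbidden, b.Strategy)
}

// UpdateRejected creates an allowed build, updates it to a denied strategy,
// and reports whether that update was rejected.
func UpdateRejected(ops ...Operation) bool {
	p := StrategyPolicy{Handles: map[Operation]bool{}, Allowed: map[string]bool{"Source": true}}
	for _, op := range ops {
		p.Handles[op] = true
	}
	b := Build{Strategy: "Source"}
	created := p.Admit(Create, b) == nil
	b.Strategy = "Custom" // constructed: a strategy this user is not granted
	return created && errors.Is(p.Admit(Update, b), ErrForbidden)
}

func main() {
	fmt.Println("Create only, update rejected:", UpdateRejected(Create))
	fmt.Println("Create+Update, update rejected:", UpdateRejected(Create, Update))
}
```

Registered for Create alone, the model lets the strategy change through on update; registered for both operations, the same update is rejected.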

