[Bug 1298116] New: kubernetes: Improper admission check control

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1298116

            Bug ID: 1298116
           Summary: kubernetes: Improper admission check control
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-t...@redhat.com
          Reporter: ama...@redhat.com
                CC: epa...@redhat.com, golang@lists.fedoraproject.org,
                    jca...@redhat.com, jchal...@redhat.com,
                    nhor...@redhat.com, vba...@redhat.com



It was found that patch will check admission control with an empty object and
if it passes, then will proceed to update the object with the patch. Admission
control plugins don't get a chance to see/validate what is actually going to be
updated. 

CVE request:

http://seclists.org/oss-sec/2016/q1/76

Upstream patch:

https://github.com/deads2k/kubernetes/commit/d1e258afcf837cf70522c2950bb0aef593da9c3e

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
golang mailing list
golang@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/golang@lists.fedoraproject.org