[CVE-2019-3895] Privilege escalation allows running new amphorae based on arbitrary images
Bug #1830607 reported by
Carlos Goncalves
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| tripleo |
Fix Released
|
Critical
|
Carlos Goncalves | ||
Bug Description
https:/
An attacker may cause new amphorae to run based on any arbitrary image. The attacker only needs to create an image in his/her own user project, set same tag "amphora-image" and share it with the "service" project. Upon request to spawn new amphorae, Octavia will now pick up the compromised image.
| summary: |
- Privilege escalation allows running new amphorae based on arbitrary - images + [CVE-2019-3895] Privilege escalation allows running new amphorae based + on arbitrary images |
| Changed in tripleo: | |
| milestone: | none → train-1 |
| importance: | Undecided → Critical |
| status: | New → Triaged |
| Changed in tripleo: | |
| milestone: | train-1 → train-2 |
| Changed in tripleo: | |
| milestone: | train-2 → train-3 |
| Changed in tripleo: | |
| milestone: | train-3 → train-rc1 |
| Changed in tripleo: | |
| milestone: | train-rc1 → ussuri-1 |
| Changed in tripleo: | |
| milestone: | ussuri-1 → ussuri-2 |
| Changed in tripleo: | |
| milestone: | ussuri-2 → ussuri-3 |
Revision history for this message
| Carlos Goncalves (cgoncalves) wrote | #1 |
| Changed in tripleo: | |
| status: | Triaged → Fix Released |
| assignee: | nobody → Carlos Goncalves (cgoncalves) |
| information type: | Private Security → Public Security |
To post a comment you must log in.
Resolved in https:/