[CVE-2019-3895] Privilege escalation allows running new amphorae based on arbitrary images
Bug #1830607 reported by Carlos Goncalves
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
tripleo | Fix Released | Critical | Carlos Goncalves | |
Bug Description
https:/
An attacker may cause new amphorae to run based on any arbitrary image. The attacker only needs to create an image in his/her own user project, set the same tag "amphora-image" and share it with the "service" project. Upon request to spawn new amphorae, Octavia will now pick up the compromised image.
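A simplified model of the tag-only image lookup described above, next to an owner-restricted lookup and an audit check. This is an added example, not Octavia or TripleO code: the image records, project IDs and function names are constructed, and newest-first selection among tagged images is an assumption of the model.

```python
from datetime import datetime

AMP_TAG = "amphora-image"
# Placeholder for the project that legitimately owns amphora images.
TRUSTED_OWNER = "service-project-id"

# Constructed sample: every image visible to the "service" project,
# i.e. its own images plus images other projects have shared with it.
IMAGES = [
    {"id": "img-official", "owner": "service-project-id",
     "tags": ["amphora-image"], "created_at": "2019-05-01T10:00:00"},
    {"id": "img-shared", "owner": "tenant-project-id",
     "tags": ["amphora-image"], "created_at": "2019-05-20T09:00:00"},
    {"id": "img-unrelated", "owner": "service-project-id",
     "tags": ["cirros"], "created_at": "2019-05-21T09:00:00"},
]


def select_image(images, tag, owner=None):
    """Return the newest image carrying `tag`.

    With owner=None the lookup trusts the tag alone, so a shared image
    from any project is eligible. With an owner set, images from other
    projects are ignored regardless of their tags.
    """
    candidates = [
        img for img in images
        if tag in img["tags"] and (owner is None or img["owner"] == owner)
    ]
    if not candidates:
        raise LookupError(f"no image tagged {tag!r} for owner {owner!r}")
    return max(candidates,
               key=lambda img: datetime.fromisoformat(img["created_at"]))


def untrusted_tagged_images(images, tag, owner):
    """Audit check: IDs of tagged images not owned by the trusted project."""
    return [img["id"] for img in images
            if tag in img["tags"] and img["owner"] != owner]


if __name__ == "__main__":
    print("tag only      :", select_image(IMAGES, AMP_TAG)["id"])
    print("tag and owner :", select_image(IMAGES, AMP_TAG, TRUSTED_OWNER)["id"])
    print("audit findings:", untrusted_tagged_images(IMAGES, AMP_TAG, TRUSTED_OWNER))
```

Octavia's `amp_image_owner_id` option in the `[controller_worker]` section restricts the image lookup to a single owner in this way; the audit function is the kind of check to run against the service project's visible images to spot tagged images from other projects.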
summary: |
- Privilege escalation allows running new amphorae based on arbitrary - images + [CVE-2019-3895] Privilege escalation allows running new amphorae based + on arbitrary images |
Changed in tripleo: | |
milestone: | none → train-1 |
importance: | Undecided → Critical |
status: | New → Triaged |
Changed in tripleo: | |
milestone: | train-1 → train-2 |
Changed in tripleo: | |
milestone: | train-2 → train-3 |
Changed in tripleo: | |
milestone: | train-3 → train-rc1 |
Changed in tripleo: | |
milestone: | train-rc1 → ussuri-1 |
Changed in tripleo: | |
milestone: | ussuri-1 → ussuri-2 |
Changed in tripleo: | |
milestone: | ussuri-2 → ussuri-3 |
information type: | Private Security → Public Security |
Resolved in https://review.opendev.org/#/q/I14b69b9fb5234cf79a4d7e85de5f16df5ef7f7a2