A flaw was found in kubernetes. An authorized user can exploit this by creating pods with crafted subpath volume mounts to access files and directories outside of the volume, including on the host node's filesystem.
A flaw was found in kubernetes. An authorized user can exploit this by creating pods with crafted subpath volume mounts to access files and directories outside of the volume, including on the host node's filesystem.
OpenShift Container Platform runs with SELinux in enforcing mode, which reduces the impact of this vulnerability, but does not completely prevent it from being exploited.