A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat openshift container platform 3.11 |
||
redhat openshift_container_platform 4.13 |
||
redhat openshift_container_platform 4.14 |