admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: there is a serious privilege escalation vulnerability in the kubectl terminal tool (#6253)

Browse Source 
Signed-off-by: lingbo <lingbo@lingbohome.com>
This commit is contained in:
凌波
2024-10-31 09:48:06 +08:00
committed by GitHub
parent 8d3e5e0141
commit 1b3f2c0d58
2 changed files with 0 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
pkg/apiserver/apiserver.go
View File

@@ -234,7 +234,6 @@ func (s *APIServer) buildHandlerChain(handler http.Handler, stopCh <-chan struct
iamv1beta1.Resource(iamv1beta1.ResourcesPluralGlobalRole),
iamv1beta1.Resource(iamv1beta1.ResourcesPluralGlobalRoleBinding),
tenantv1beta1.Resource(tenantv1beta1.ResourcePluralWorkspace),
tenantv1beta1.Resource(tenantv1beta1.ResourcePluralWorkspace),
tenantv1beta1.Resource(clusterv1alpha1.ResourcesPluralCluster),
clusterv1alpha1.Resource(clusterv1alpha1.ResourcesPluralCluster),
clusterv1alpha1.Resource(clusterv1alpha1.ResourcesPluralLabel),

1
pkg/models/terminal/terminal.go
View File

@@ -376,7 +376,6 @@ func (t *terminaler) createKubectlPod(ctx context.Context, podName, username str
},
},
},
ServiceAccountName: "kubesphere",
Volumes: []corev1.Volume{
{
Name: "host-time",