admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[release-4.1] fix: there is a serious privilege escalation vulnerability in the kubectl terminal tool (#6254)

Browse Source 
fix: there is a serious privilege escalation vulnerability in the kubectl terminal tool

Signed-off-by: lingbo <lingbo@lingbohome.com>
Co-authored-by: lingbo <lingbo@lingbohome.com>
This commit is contained in:
KubeSphere CI Bot
2024-10-31 11:42:07 +08:00
committed by GitHub
parent 286282e3a8
commit d6ff99e5a2
2 changed files with 0 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
pkg/apiserver/apiserver.go
View File

@@ -234,7 +234,6 @@ func (s *APIServer) buildHandlerChain(handler http.Handler, stopCh <-chan struct
iamv1beta1.Resource(iamv1beta1.ResourcesPluralGlobalRole),
iamv1beta1.Resource(iamv1beta1.ResourcesPluralGlobalRoleBinding),
tenantv1beta1.Resource(tenantv1beta1.ResourcePluralWorkspace),
tenantv1beta1.Resource(tenantv1beta1.ResourcePluralWorkspace),
tenantv1beta1.Resource(clusterv1alpha1.ResourcesPluralCluster),
clusterv1alpha1.Resource(clusterv1alpha1.ResourcesPluralCluster),
clusterv1alpha1.Resource(clusterv1alpha1.ResourcesPluralLabel),

1
pkg/models/terminal/terminal.go
View File

@@ -376,7 +376,6 @@ func (t *terminaler) createKubectlPod(ctx context.Context, podName, username str
},
},
},
ServiceAccountName: "kubesphere",
Volumes: []corev1.Volume{
{
Name: "host-time",