A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to unconfined. By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is runtime/default, allowing users to disable seccomp for pods they can create and modify.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openshift | Redhat | 4.11 (including) | 4.11 (including) |
| Openshift | Redhat | 4.12 (including) | 4.12 (including) |