Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.

The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.