CVE 2016-1905
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
See the
CVE page on Mitre.org
for more details.