- Kubernetes has disclosed a major privilege escalation flaw
- The flaw has been assigned CVE identifier CVE-2018-1002105
Kubernetes, the widely loved and rapidly adopted cloud container orchestration system, has disclosed a massive and critical security issue.
As per a Red Hat advisory, the issue affects “all Kubernetes-based services and products – including Red Hat OpenShift Container Platform, Red Hat OpenShift Online, and Red Hat OpenShift Dedicated”.
Red Hat did not elaborate, but confirmed that there is a component of the vulnerability that can result in privilege escalation and unauthenticated remote code execution.
The Kubernetes flaw is a big
With Red Hat stating that the privilege escalation flaw is a big deal, it literally is a big deal, as a rogue agent can use it to steal sensitive data or inject malicious code. They can also bring down entire production applications from within an organisation’s firewall.
The only way to solve the issue is an update or upgrade
Red Hat, which owns Kubernetes, has issued a patch for the exploit, which has been given a CVE identifier of CVE-2018-1002105, and issued a patched Kubernetes v1.13. However, Kubernetes v1.10, v1.11.5 and v1.12.3 have also been released to patch the issue.