Kubernetes’ biggest security flaw yet discovered

Kubernetes has disclosed and patched a major security flaw
  • Kubernetes has disclosed a major privilege escalation flaw
  • The flaw has been assigned CVE identifier CVE-2018-1002105

Kubernetes, the widely loved and rapidly adopted cloud container orchestration system, has disclosed a massive and critical security issue.

According to a Red Hat advisory, the issue affects “all Kubernetes-based services and products – including Red Hat OpenShift Container Platform, Red Hat OpenShift Online, and Red Hat OpenShift Dedicated”.

While Red Hat did not elaborate, it confirmed that a component of the vulnerability can result in privilege escalation and unauthenticated remote code execution.

The Kubernetes flaw is a big deal

Red Hat has stated that the privilege escalation flaw is a big deal, and it is: a rogue agent can use it to steal sensitive data or inject malicious code. They can also bring down entire production applications from within an organisation’s firewall.

The only way to solve the issue is an update or upgrade

Red Hat, which owns Kubernetes, has issued a patch for the flaw, which has been given the CVE identifier CVE-2018-1002105, and has released a patched Kubernetes v1.13. Kubernetes v1.10, v1.11.5 and v1.12.3 have also been released to patch the issue.

Both Microsoft Azure and AWS have issued advisories and patched the flaw in their cloud offerings for Kubernetes-based container services.
