Update NOW! CVE-2018-1002105, with root access. Kubernetes’ first major security hole discovered | ZDNet
Posted by jpluimers on 2018/12/04
From [WayBack] Kubernetes’ first major security hole discovered | ZDNet in reverse order:
Fortunately, there is a fix, but some of you aren’t going to like it. You must upgrade Kubernetes. Now. Specifically, there are patched versions of Kubernetes [WayBack] v1.10.11, [WayBack] v1.11.5, [WayBack] v1.12.3, and [WayBack] v1.13.0-rc.1.
…
[WayBack] Red Hat said, “The privilege escalation flaw makes it possible for any user to gain full administrator privileges on any compute node being run in a Kubernetes pod. [WayBack] This is a big deal. Not only can this actor steal sensitive data or inject malicious code, but they can also bring down production applications and services from within an organization’s firewall.”
…
And the bug, [WayBack] CVE-2018-1002105, aka the Kubernetes privilege escalation flaw, is a doozy. It’s a [WayBack] CVSS 9.8 critical security hole.
Via [WayBack] Kubernetes’ first major security hole discovered | ZDNet – Ondrej Kelle – Google+
–jeroen
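A version check against the patched releases listed above, as an added example that is not part of the original post or the ZDNet article. The cluster names and sample versions are constructed, and treating release lines after 1.13 as patched is an assumption; version strings are expected in the `vMAJOR.MINOR.PATCH` form that `kubectl version` reports.

```python
import re

# Fixed releases named in the post, keyed by (major, minor) release line.
# Each value is (patch, stage, stage number); stages order pre-releases
# below the final release: alpha < beta < rc < final.
STAGE = {"alpha": 0, "beta": 1, "rc": 2, None: 3}
FIXED = {
    (1, 10): (11, STAGE[None], 0),   # v1.10.11
    (1, 11): (5, STAGE[None], 0),    # v1.11.5
    (1, 12): (3, STAGE[None], 0),    # v1.12.3
    (1, 13): (0, STAGE["rc"], 1),    # v1.13.0-rc.1
}
# Vendor or build suffixes (e.g. "+abc123", "-gke.1") are accepted and ignored.
VERSION_RE = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(?:-(alpha|beta|rc)\.(\d+))?(?:[-+].*)?$")


def parse(version):
    """Split a version string into its release line and a comparable tuple."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Kubernetes version: {version!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    stage_num = int(m.group(5)) if m.group(5) else 0
    return (major, minor), (patch, STAGE[m.group(4)], stage_num)


def classify(version):
    """Return 'patched', 'vulnerable' or 'unlisted' for one version string."""
    line, rest = parse(version)
    if line > max(FIXED):
        return "patched"    # assumption: lines after 1.13 include the fix
    if line not in FIXED:
        return "unlisted"   # the post names no fixed release for this line
    return "patched" if rest >= FIXED[line] else "vulnerable"


def audit(inventory):
    """Map cluster name -> status for every cluster that is not patched."""
    statuses = {name: classify(v) for name, v in inventory.items()}
    return {name: s for name, s in statuses.items() if s != "patched"}


# Constructed sample inventory (hypothetical cluster names and versions).
SAMPLE = {"prod": "v1.11.4", "staging": "v1.13.0-beta.2", "dev": "v1.12.3",
          "legacy": "v1.9.6", "edge": "v1.10.11-gke.1", "lab": "v1.13.0"}

if __name__ == "__main__":
    for name, status in sorted(audit(SAMPLE).items()):
        print(f"{name}: {SAMPLE[name]} -> {status}")
```

The comparison uses only the upstream version number, so a distribution build that backports the fix under an older number will still be reported as vulnerable and needs checking against the vendor's own advisory.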