Kubernetes has become the most popular cloud container orchestration system by far, so it was only a matter of time until its first major security hole was discovered. And the bug, CVE-2018-1002105, aka the Kubernetes privilege escalation flaw, is a doozy. It’s a CVSS 9.8 critical security hole. With a specially crafted network request, any user can establish a connection through the Kubernetes application programming interface (API) server to a backend server. Once established, an attacker can send arbitrary requests over the network connection directly to that backend. Adding insult to injury, these requests are authenticated with the Kubernetes API server’s Transport Layer Security (TLS) credentials.
Read more about the privilege escalation bug in cloud container orchestration service, Kubernetes on ZDNet.
Other topics of interest:
- FingBox Gives You Network Superpowers: Network security that contributes to physical security
- Sometimes it seems every cybersecurity story is a Facebook story
- Main Street Cybersecurity: 10 Cost Effective Strategies for confronting Ransomware
- Opinion: Anyone with desire and a computer can have a successful career in AI