Kubernetes Discloses Major Security Flaw

December 04, 2018 / Jessica Lyons Hardcastle

Kubernetes disclosed a critical security flaw — the container orchestration tool’s first major vulnerability to date — and released Kubernetes 1.13.

But first: the security flaw. It affects all Kubernetes-based products and services, and it gives hackers full administrative privileges on any compute node being run in a Kubernetes cluster.

As Red Hat’s Ashesh Badani wrote, “This is a big deal. Not only can this actor steal sensitive data or inject malicious code, but they can also bring down production applications and services from within an organization’s firewall.”

Kubernetes says its new release 1.13 addresses the privilege escalation flaw, dubbed CVE-2018-1002105. And other companies including Red Hat and Microsoft issued patches for their Kubernetes-based products.

Microsoft’s Azure Kubernetes Service “has patched all affected clusters by overriding the default Kubernetes configuration to remove unauthenticated access to the entry ...