Top

Kubernetes Flaw is a “Huge Deal,” Lays Open Cloud Deployments

December 5, 2018

Category:

A critical privilege-escalation vulnerability (CVE-2018-1002105) has been uncovered in the Kubernetes open-source container software, which is a fixture in much of today’s cloud infrastructure. It could allow an attacker unfettered, remote access for stealing data or crashing production applications.

It marks one of the first serious problems found in Kubernetes, and it’s a whopper, with a CVSS score of 9.8. A hacker can send specially crafted requests to establish a connection through the Kubernetes API server, where the issue exists, to any attached backend servers (such as aggregated API servers and “kubelets,” which are small building-block modules responsible for what’s running on any specific machine).

Read More on Threat Post