https://www.bankinfosecurity.com/kubernetes-alert-security-flaw-could-enable-remote-hacking-a-11776
By Jeremy Kirk
Bank InfoSecurity News
December 4, 2018
A severe vulnerability in Kubernetes, the popular open-source software for
managing Linux applications deployed within containers, could allow an
attacker to remotely steal data or crash production applications.

That warning, sounded by Kubernetes expert Darren Shepherd, marks one of
the first serious problems to be seen with Kubernetes, which was first
developed by Google and then turned into an open-source project in 2014
(see: Protecting Containers From Cyberattacks).

On Monday, Red Hat and Microsoft said they've been taking steps to address
the vulnerability, CVE-2018-1002105, which they say poses a "critical"
risk.

Microsoft says its Azure Kubernetes Service "has patched all affected
clusters by overriding the default Kubernetes configuration to remove
unauthenticated access to the entrypoints [Kubernetes commands] that
exposed the vulnerability."
[...]