
Critical Kubernetes privilege escalation flaw patched, update ASAP!
2018-12-05 11:48

A critical privilege escalation vulnerability affecting the popular open source cluster management and container orchestration software Kubernetes was patched on Monday. The project maintainers are urging users to update their installations as soon as possible, since the flaw can be easily exploited remotely by unauthenticated attackers to gain access to vulnerable Kubernetes clusters and the applications and data within them.

About the vulnerability (CVE-2018-1002105)

CVE-2018-1002105 affects the Kubernetes API server – more specifically, its …

The post Critical Kubernetes privilege escalation flaw patched, update ASAP! appeared first on Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/TJ4qEJuZd7I/

Related Vulnerability

DATE: 2018-12-05
CVE: CVE-2018-1002105
VULNERABILITY TITLE: 7PK - Errors vulnerability in multiple products
RISK: critical (9.8)
Attack vector: network, low complexity
Vendors: kubernetes, redhat, netapp
Weakness: CWE-388

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Kubernetes 19 12 49 24 6 91