Security News > 2018 > December > Critical Kubernetes privilege escalation flaw patched, update ASAP!
2018-12-05 11:48
A critical privilege escalation vulnerability affecting the popular open source cluster management and container orchestration software Kubernetes has been patched on Monday. The project maintainers are urging users to update their installations as soon as possible, since the flaw can be easily exploited remotely by unauthenticated attackers to gain access to vulnerable Kubernetes clusters and the applications and data within them. About the vulnerability (CVE-2018-1002105) CVE-2018-1002105 affects the Kubernetes API server – more specifically, its … More → The post Critical Kubernetes privilege escalation flaw patched, update ASAP! appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/TJ4qEJuZd7I/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-05 | CVE-2018-1002105 | 7PK - Errors vulnerability in multiple products In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection. | 9.8 |