Information Security News mailing list archives
Kubernetes Alert: Security Flaw Could Enable Remote Hacking
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 5 Dec 2018 07:59:03 +0000 (UTC)
https://www.bankinfosecurity.com/kubernetes-alert-security-flaw-could-enable-remote-hacking-a-11776 By Jeremy Kirk Bank InfoSecurity News December 4, 2018A severe vulnerability in Kubernetes, the popular open-source software for managing Linux applications deployed within containers, could allow an attacker to remotely steal data or crash production applications.
That warning, sounded by Kubernetes expert Darren Shepherd, marks one of the first serious problems to be seen with Kubernetes, which was first developed by Google and then turned into an open-source project in 2014 (see: Protecting Containers From Cyberattacks).
On Monday, Red Hat and Microsoft said they've been taking steps to address the vulnerability, CVE-2018-1002105, which they say poses a "critical" risk.
Microsoft says its Azure Kubernetes Service "has patched all affected clusters by overriding the default Kubernetes configuration to remove unauthenticated access to the entrypoints [Kubernetes commands] that exposed the vulnerability."
[...] -- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Current thread:
- Kubernetes Alert: Security Flaw Could Enable Remote Hacking InfoSec News (Dec 05)