Security Newsletter

10 December 2018

Kubernetes Updates Patch Critical Privilege Escalation Bug

A critical vulnerability in Kubernetes open-source system for handling containerized applications can enable an attacker to gain full administrator privileges on Kubernetes compute nodes.

Kubernetes makes it easier to manage a container environment by organizing application containers into pods, nodes (physical or virtual machines) and clusters. Multiple nodes form a cluster, managed by a master that coordinates cluster-related activities like scaling, scheduling, or updating apps. Each node has an agent called Kubelet that facilitates communication with the Kubernetes master via the API. The number of nodes available in a Kubernetes system can be hundreds and even thousands.

The security bug was discovered by Darren Shepherd, co-founder of Rancher Labs company that provides Kubernetes-as-a-Service solution Rancher. Now tracked as CVE-2018-1002105, the flaw is critical, with a Common Vulnerability Scoring System (CVSS) score of 9.8 out of 10. The problem has been addressed in the latest Kubernetes revisions: v1.10.11, v1.11.5, v1.12.3, and v1.13.0-rc.1. Kubernetes releases prior to these along with the products and services based on them are affected by CVE-2018-1002105.

 

More #News

 

#Tech and #Tools

This content was created by Kindred Group Security. Please share if you enjoyed!

Kindred Group in brief

Kindred is one of the largest online gambling companies in the world with over 24 million customers across 100 markets. We offer pre-game and live Sports betting, Poker, Casino and Games through 11 brands across our markets. We are committed to offer our customers the best deal and user experience possible, while ensuring a safe and fair gambling environment. Kindred is a pioneer in the online gambling industry and as an innovation driven company that builds on trust.