Time to Patch Kubernetes

It was only a matter of time, but the first major security flaw has been found in Kubernetes. Discovered by Rancher Labs co-founder Darren Shepherd, it’s a privilege escalation flaw that is, in the words of Ned Ryerson, a doozy.


Essentially, any user on a node can use an API call to gain admin access to any compute node in a given Kubernetes cluster. To make matters worse, it all looks normal to the cluster, so it doesn’t generate any logs, and it’s very hard to know if it’s been exploited in the wild.

Luckily, patches are available, but only for versions 1.10.11 going forward. Older versions are out of luck, so maybe it’s time to upgrade?

Source: GitHub

About the author

Rich Stroffolino

Rich has been a tech enthusiast since he first used the speech simulator on a Magnavox Odyssey². Current areas of interest include ZFS, the false hopes of memristors, and the oral history of Transmeta.
