It was only a matter of time, but the first major security exploit was found for Kubernetes. Discovered by Rancher Labs co-founder Darren Shepard, it’s a privilege escalation flaw that is, in the words of Ned Ryerson, a doozy.
Essentially, any users on a node can use a API call to gain admin access to any compute node in a given Kubernetes clusters. To make matters worse, it all looks normal to the cluster, so it doesn’t generate any logs, and its very hard to know if it’s been exploited in the wild.
Luckily, patches are available, but only for versions 1.10.11 going forward. Older versions are out of luck, so maybe it’s time to upgrade?
- Gestalt News for the Week of February 11, 2019 - February 11, 2019
- Intel’s Swan Song | Gestalt IT Rundown: February 6, 2019 - February 6, 2019
- You Need Sensors for Analytics – The On-Premise IT Roundtable - February 5, 2019
- Gestalt News for the Week of February 4, 2019 - February 4, 2019
- Necessary NAS Nomenclature - February 1, 2019
- A Shortage in Common Sense: The Myth of the Talent Gap - January 31, 2019
- Olympic Hacking in Japan | Gestalt IT Rundown: January 30, 2019 - January 30, 2019
- Kubernetes: Theory and Practice - January 30, 2019
- Compute Module 3+ on sale now from $25 - January 29, 2019
- The Government Shutdown and Security - January 24, 2019