Kubernetes vulnerability CVE-2018-1002105: Proof of concept

There is a major vulnerability in Kubernetes (CVE-2018-1002105) that can be used by attackers to upgrade to cluster admin. Then it is possible to infiltrate malicious code into docker instances. Now a Proof of Concept has appeared – so patching is the order of the day.


Advertising

Kubernetes is an open source system for automating the deployment, scaling and management of container applications (e.g. dockers). Since December 2018 the critical vulnerability CVE-2018-1002105 is known. An attacker may become a kubernetes administrator and can inject malware into containers. Now different versions of a Proof of Concept (POC) have emerged to exploit this vulnerability. 

So an update to versions like 1.10.11, 1.11.5, 1.12.3 or the upcoming version 1.13.0 is strongly recommended. Some information can also be found at Bleeping Computer.


Advertising

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).