There is a major vulnerability in Kubernetes (CVE-2018-1002105) that can be used by attackers to upgrade to cluster admin. Then it is possible to infiltrate malicious code into docker instances. Now a Proof of Concept has appeared – so patching is the order of the day.
Advertising
Kubernetes is an open source system for automating the deployment, scaling and management of container applications (e.g. dockers). Since December 2018 the critical vulnerability CVE-2018-1002105 is known. An attacker may become a kubernetes administrator and can inject malware into containers. Now different versions of a Proof of Concept (POC) have emerged to exploit this vulnerability.
The unauthenticated #Kubernetes exploit has been finished! :D Repo here: https://t.co/pblIxEsLgt Demo here: https://t.co/GU9zyqoWJY
— Vincent (@_evict) 9. Dezember 2018
So an update to versions like 1.10.11, 1.11.5, 1.12.3 or the upcoming version 1.13.0 is strongly recommended. Some information can also be found at Bleeping Computer.
