{"id":7991,"date":"2018-12-11T00:10:00","date_gmt":"2018-12-10T23:10:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=7991"},"modified":"2018-12-10T17:17:07","modified_gmt":"2018-12-10T16:17:07","slug":"poc-for-kubernetes-vulnerability-cve-2018-1002105","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2018\/12\/11\/poc-for-kubernetes-vulnerability-cve-2018-1002105\/","title":{"rendered":"Kubernetes vulnerability CVE-2018-1002105: Proof of concept"},"content":{"rendered":"

There is a major vulnerability in Kubernetes (CVE-2018-1002105) that can be used by attackers to upgrade to cluster admin. Then it is possible to infiltrate malicious code into docker instances. Now a Proof of Concept has appeared – so patching is the order of the day. <\/p>\n

<\/p>\n

Kubernetes<\/a> is an open source system for automating the deployment, scaling and management of container applications (e.g. dockers). Since December 2018 the critical vulnerability CVE-2018-1002105 is known. An attacker may become a kubernetes administrator and can inject malware into containers. Now different versions of a Proof of Concept (POC) have emerged to exploit this vulnerability.  <\/p>\n

\n

The unauthenticated #Kubernetes<\/a> exploit has been finished! :D Repo here: https:\/\/t.co\/pblIxEsLgt<\/a> Demo here: https:\/\/t.co\/GU9zyqoWJY<\/a><\/p>\n

\u2014 Vincent (@_evict) 9. Dezember 2018<\/a><\/p><\/blockquote>\n