Kubernetes

Even if you don't run Kubernetes (and I know some of you do), you probably need to pay attention to their security bug.  See, Kubernetes is an infrastructure component of a lot of cloud systems--and, nowadays, who isn't running, storing, or managing something in the cloud?

The flaw, in brief, allows anyone to submit a malformed request to Kubernetes pods over the API.  Rather than simply being ignored, this allows the attacker to then submit further requests without any authorization checking.  Which means that attackers can do pretty much anything with the pods.  Which means they can get at pretty much anything you've got on the cloud that is managed via Kubernetes.  Or that anyone is managing on your behalf using Kubernetes ...

The bug is now fixed.  If you run Kubernetes, make sure you are updated to the latest level.  If you don't run Kubernetes, find out if anyone you rely on does ...


............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468