Jun. 28, 2019
The Kubernetes project has patched today a dangerous security flaw that could allow for clever hacks where attackers may run code on the host machine. The vulnerability doesn’t impact the Kubernetes system itself, but kubectl (Kube control), the official command-line utility for working with Kubernetes installations. Security researchers have discovered a security flaw in the kubectl cp (copy) operation that is used to transfer files from containers to a user’s host machine.
Dec. 4, 2018
Kubernetes has become the most popular cloud container orchestration system by far, so it was only a matter of time until its first major security hole was discovered. And the bug, CVE-2018-1002105, aka the Kubernetes privilege escalation flaw, is a doozy. It’s a CVSS 9.8 critical security hole.
CVSS 9.8 critical security hole. With a specially crafted network request, any user can establish a connection through the Kubernetes application programming interface (API) server to a backend server. Once established, an attacker can send arbitrary requests over the network connection directly to that backend.
Mar. 24, 2018
Two vulnerabilities were reported and fixed in Kubernetes two weeks ago. The GitHub issues discussing the vulnerabilities and fixes were vague, so in this post I will review the bugs in additional detail and suggest remediation methods.
Source: twistlock.com
Mar. 14, 2018
Unless you’ve been living under a rock for the past three years, you’ve probably heard about Kubernetes. At Handy, our infrastructure is backed by a multi-cluster Kubernetes ecosystem that drives our development, CI/CD, and production environments. You could say we are big advocates and users of Kubernetes at Handy, which is why we were both surprised and intrigued to learn that our coworker’s personal Kubernetes cluster was hacked this past weekend.