Kubernetes hit by major security flaw

null

A serious flaw in Kubernetes has been identified, and this one is so big that you should stop using it and update, immediately. Dubbed CVE-2018-1002105, the flaw allows anyone to establish a connection through the Kubernetes application programming interface (API) server to a backend server. Once connected, attackers can send arbitrary requests directly to the backend, and more importantly – these requests get authenticated with the Kubernetes API server’s Transport Layer Security (TLS) credentials.

https://www.itproportal.com/news/kubernetes-hit-by-major-security-flaw/

Advertisements