I have only seen this in a Twitter post so far, and it sounds quite nasty so I thought I'd bring it to wider attention.
https://twitter.com/IanColdwater/status/1069710608340275201
« More info on CVE-2018-1002105. Recently disclosed Kubernetes vulnerability allows all users, authenticated and unauthenticated, backdoor administrative access to the API server, including the kubelet...and it can't easily be detected in logs. »
https://github.com/kubernetes/kubernetes/issues/71411
On Tue, Dec 04, 2018 at 08:52:30PM +0100, Liam Proven wrote:
I have only seen this in a Twitter post so far, and it sounds quite nasty so I thought I'd bring it to wider attention.
https://twitter.com/IanColdwater/status/1069710608340275201
« More info on CVE-2018-1002105. Recently disclosed Kubernetes vulnerability allows all users, authenticated and unauthenticated, backdoor administrative access to the API server, including the kubelet...and it can't easily be detected in logs. »
https://www.suse.com/de-de/security/cve/CVE-2018-1002105/ https://bugzilla.suse.com/show_bug.cgi?id=1118260
Ciao, Marcus
-
Liam Proven -
Marcus Meissner