[opensuse-factory] K8s vulnerability
I have only seen this in a Twitter post so far, and it sounds quite nasty so I thought I'd bring it to wider attention. https://twitter.com/IanColdwater/status/1069710608340275201 « More info on CVE-2018-1002105. Recently disclosed Kubernetes vulnerability allows all users, authenticated and unauthenticated, backdoor administrative access to the API server, including the kubelet...and it can't easily be detected in logs. » https://github.com/kubernetes/kubernetes/issues/71411 -- Liam Proven - Technical Writer, SUSE Linux s.r.o. Corso II, Křižíkova 148/34, 186-00 Praha 8 - Karlín, Czechia Email: lproven@suse.com - Office telephone: +420 284 241 084 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Tue, Dec 04, 2018 at 08:52:30PM +0100, Liam Proven wrote:
I have only seen this in a Twitter post so far, and it sounds quite nasty so I thought I'd bring it to wider attention.
https://twitter.com/IanColdwater/status/1069710608340275201
« More info on CVE-2018-1002105. Recently disclosed Kubernetes vulnerability allows all users, authenticated and unauthenticated, backdoor administrative access to the API server, including the kubelet...and it can't easily be detected in logs. »
https://www.suse.com/de-de/security/cve/CVE-2018-1002105/ https://bugzilla.suse.com/show_bug.cgi?id=1118260 Ciao, Marcus -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (2)
-
Liam Proven
-
Marcus Meissner