The Kubernetes privilege escalation flaw

Red Hat has issued a critical Security Advisory and patches for CVE-2018-1002105, a privilege escalation flaw impacting Kubernetes, the most popular cloud container orchestration system. Kubernetes makes it possible to orchestrate containerized applications together, enabling composite services comprised of hundreds, or even thousands, of “simpler” services.

The privilege escalation flaw makes it possible for any user to gain full administrator privileges on any compute node being run in a Kubernetes cluster. Not only can this actor steal sensitive data or inject malicious code, but they can also bring down production applications and services from within an organization’s firewall. All Kubernetes-based services and products are affected.

Read more about the critical Kubernetes flaw on Red Hat.





Gain Deeper Insights Into The Threat

Sign up to gain access to our special reports on threat actors and their tactics as well as daily Threat Brief.

Your support will enable us to continue our production of action-oriented content and help us help you stay informed on the latest in adversary activities.

Try our free two week trial.

Sign Up For Free Trial of The Daily Threat Brief