Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

What does the Kubernetes privilege escalation flaw mean


RedHat has released CVE-2018-1002105 to help handle the recent privilege escalation flaw impacting Kubernetes that would allow users to gain full administrator access privileges to any compute node.

Bringing together powerful applications into containerized services that are open source can have their drawbacks, as recently discovered by the RedHat issued a critical Security Advisory and patches for CVE-2018-1002105, a privilege escalation flaw impacting Kubernetes.

Sumo Logic CSO, George Gerchow weighs in: "All Kubernetes-based services and products - including Red Hat OpenShift Container Platform, Red Hat OpenShift Online, and Red Hat OpenShift Dedicated - are affected by this vulnerability.

The Kubernetes vulnerability is a huge deal, even more so when you think about its scale of exposure. What makes Kubernetes great is its fundamental speed, orchestration, automation, and scale. All of those qualities become an instant detriment when a security issue arises as they rapidly extend the reach of the attack.

With that said, any well-versed security professional would expect this to happen, as emerging technology is notoriously known to treat security as an afterthought.

Looking at it from a bigger picture, this is another example of how development and security teams need to work together through DevSecOps to establish guardrails and best practices while maintaining agility. Most organizations lack visibility into the proper security and configuration of not just its containers, but the CI/CD pipeline as a whole.”

Moving forward, developers must pay close attention to uniquely identified logs by leveraging machine learning. This will help proactively identify these potential attacks as the requests appear in the kubelet or aggregated API server logs, that would otherwise be indistinguishable from correctly authorized and proxied requests via the Kubernetes API server. If developers - and digital organizations as a whole -- are not able to correctly identify bad behavior via logs, that is a major flaw."

RedHat has been quick to respond and offers an explanatory video to help understand the flaw, which in short, would allow any user to gain full administrator privileges on any compute node being run in a Kubernetes pod.

Read more: https://access.redhat.com/security/cve/cve-2018-10...

Securing Your Cloud: IBM z/VM Security for IBM z Systems and linuxONE

The necessary steps to secure your environment for all of the components that are involved in a z Systems cloud infrastructure that uses IBM z/VMand Linux on z Systems.

A new way to manage your development projects

Learn the best ways to organize your app development projects, and keep code straight, clients happy, and breathe a easier through launches.

The Latest Nerd Ranch Guide (3rd Edition) to Android Programming

Write and run code every step of the way, using Android Studio to create apps that integrate with other apps, download and display pictures from the web, play sounds, and more. Each chapter and app has been designed and tested to provide the knowledge and experience you need to get started in Android development.

Starting your own app business?

How to create a profitable, sustainable business developing and marketing mobile apps.

Viewing all articles
Browse latest Browse all 12749

Latest Images

Trending Articles

Latest Images