Kubernetes hit by major security flaw
December 05, 2018 / Sead Fadilpasic
A serious flaw in Kubernetes has been identified, and this one is so big that you should stop using it and update, immediately. Dubbed CVE-2018-1002105, the flaw allows anyone to establish a connection through the Kubernetes application programming interface (API) server to a backend server. Once connected, attackers can send arbitrary requests directly to the backend, and more importantly – these requests get authenticated with the Kubernetes API server's Transport Layer Security (TLS) credentials. Whoever knows about the flaw can assume command of a Kubernetes cluster. Also, there's no concrete log that helps you identify if the flaw has been used or not. “Because the unauthorized requests are made over an established connection, they do not appear in the Kubernetes API server audit logs or server log,” Red Hat’s Ashesh Badani says in a blog post explaining the flaw.