. home.aspx



Incomplete Fix Leads to New Kubernetes Bug

June 24, 2019 / Cyber security news, cyber-attack news, data secur

A new high-severity Kubernetes vulnerability has been discovered, according to security announcement on Securelists.org. As part of the ongoing Kubernetes security audit sponsored by the Cloud Native Computing Foundation, the Kubernetes product security team announced a new high-severity vulnerability (CVE-2019-11246) that impacts kubectl, the command line interface used to run commands against Kubernetes clusters. “Another security issue was discovered with the Kubernetes kubectl cp command that could enable a directory traversal such that a malicious container could replace or create files on a user’s workstation. The vulnerability is a client-side defect and requires user interaction to be exploited. The issue is high severity and upgrading kubectl to Kubernetes 1.12.9, 1.13.6, and 1.14.2 or later is encouraged to fix this issue,” wrote Joel Smith. To determine whether you are vulnerable, Smith said to run kubectl version --client. Any versions other than client ve...