From bankinfosecurity.com
A severe vulnerability in Kubernetes, the popular, open-source software for managing Linux applications deployed within containers, could allow an attacker to remotely steal data or crash production applications.
That warning, sounded by Kubernetes expert Darren Shepherd, marks one of the first serious problems to be seen with Kubernetes, which was first developed by Google and then turned into an open-source project in 2014 (see Protecting Containers From Cyberattacks).
On Monday, Red Hat and Microsoft said they’ve been taking steps to address the vulnerability, CVE-2018-1002105, which they say poses a “critical” risk.
Microsoft says its Azure Kubernetes Service “has patched all affected clusters by overriding the default Kubernetes configuration to remove unauthenticated access to the entrypoints [Kubernetes commands] that exposed the vulnerability.”