Posts under Kubernetes Vulnerability
A new Kubernetes security vulnerability was announced today, along with patch releases for the issue for Kubernetes versions 1.13, 1.14, and 1.15. CVE-2019-11247 discloses a serious vulnerability in the K8s API that could allow users to read, modify or delete cluster-wide custom resources, even if they only have RBAC permissions for namespaced resources. If your clusters aren’t using Custom Resource Definitions (CRDs), you aren’t affected. But CRDs have become a critical component of many Kubernetes-native projects like Istio, so many users are impacted.
Two Kubernetes security vulnerabilities were disclosed yesterday: CVE-2019-1002101, a high severity issue, and CVE-2019-9946, a medium severity issue. Read on for a description of the vulnerabilities and their impact, how to know whether you’re affected, and what the remediation steps are. CVE-2019-1002101: kubectl cp could replace or delete files on a user machine This vulnerability is in the kubectl binary – specifically, in the kubectl cp command. An attacker can exploit this vulnerability to write files to any path on the user’s machine, limited only by the system permissions of the local user.