[PLUG] Kubernetes 9.8 vuln

Rachel plays Linux on 4 Dec 2018 13:14:31 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Kubernetes 9.8 vuln

From: Rachel plays Linux <rachelneko@gmail.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: [PLUG] Kubernetes 9.8 vuln
Date: Tue, 4 Dec 2018 16:14:14 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=+av13uI0Tmc4gLIv8bsZ/DwfhqoHjsjsIBSgCQKjfuo=; b=hkZ7/+uDDZHdzloq7YaewF6KzWrmpg9FFTo0kj03OHdqMzmAv3fV0tMM0bhr/5Xkvg UpYxhnQNil2upctAHID2nQ/W7byHauZfrKRGa6YjU7aCtzZH67+ijI90WnVgT4ATSpiy OfODG8XV1+jKwhTr1m25Spkd36stJoQsh0T2j4ewWBdSdxBfv+mVhdcx1bu9JA1pJ7/w 0onI+LamZg9Ku+1ZRDty1B6uFgM82MPDBhlGyp37e2xZqVKUQnOQcd20oa9TqUYFLJZM SQAK1XLEpm4xginAnu6iZYwm2varex4oopSOHPtvx7lZx9XBZMScrZ4U9SilaxQBf8hB YWrw==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

There's a critical privilege escalation bug in Kubernetes that's just been patched:

“With a specially crafted request, users that are authorized to establish a connection through the Kubernetes API server to a backend server can then send arbitrary requests over the same connection directly to that backend, authenticated with the Kubernetes API server’s TLS credentials used to establish the backend connection.” [1]

[1] https://github.com/kubernetes/kubernetes/issues/71411

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Prev by Date: Re: [PLUG] Open Source Alternative to OnApp
Next by Date: [PLUG] [plug-announce] Wed Dec 5 - PLUG Central - "Machine Learning an AI" by George Zipperlen (7pm at USP)
Previous by thread: Re: [PLUG] OT: MontCo Dispatch system web & RSS
Next by thread: [PLUG] [plug-announce] Wed Dec 5 - PLUG Central - "Machine Learning an AI" by George Zipperlen (7pm at USP)
Index(es):
- Date
- Thread