{"id":19288,"date":"2019-06-26T11:53:27","date_gmt":"2019-06-26T10:53:27","guid":{"rendered":"https:\/\/www.devopsonline.co.uk\/?p=19288"},"modified":"2019-06-26T14:05:29","modified_gmt":"2019-06-26T13:05:29","slug":"new-kubernetes-security-flaw-discovered","status":"publish","type":"post","link":"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/","title":{"rendered":"New Kubernetes security flaw discovered"},"content":{"rendered":"<p>A security researcher has discovered a new flaw in the <a href=\"https:\/\/kubernetes.io\/\">open-source container orchestration platform Kubernetes<\/a>. If exploited, hackers could use the flaw to place malware onto workstations through the containers tar binary, resulting in the ability to potentially re-write paths.<\/p>\n<p>Charles Holmes from Atredis Partners discovered the most recent problem as part of a security review for Cloud Native Computing Foundation \u2013 a Kubernetes Third Party Security Audit sponsored team. The fault was found in the Kubernetes kubectl command line tool, a tool that allows the running of commands against <a href=\"https:\/\/www.devopsonline.co.uk\/adopt-devops-kubernetes-to-stay-competitive\/\">Kubernetes clusters<\/a> and lets users copy files between containers.<\/p>\n<p>This is just one of many <a href=\"https:\/\/www.devopsonline.co.uk\/aqua-security-announces-container-vulnerabilities-detecting-and-blocking-solution-in-industry-first\/\">security issues<\/a> that has affected this type of platform recently.\u00a0 <a href=\"https:\/\/www.sdxcentral.com\/articles\/news\/kubernetes-kubectl-cli-tool-stung-by-high-severity-security-flaw\/2019\/03\/\">A previous defect in March<\/a> also affected the system.<\/p>\n<h3>Kubernetes security flaw<\/h3>\n<p>Commenting on the security threat to the platform, Joel Smith, a representative for the Kubernetes product security committee, said that the newest defect was connected to the previous CVE-2019-1002101 flaw from March. Like the current failing, this flaw was thought to be a serious security problem.<\/p>\n<p>The issue from March allowed malware to be infiltrated to kubectl, although it was thought that the flaw had been patched.<\/p>\n<p>Smith commented on the link between the problems, saying: &#8220;The original fix for that issue was incomplete and a new exploit method was discovered.&#8221;<\/p>\n<p>He said that to fix the latest security issue, users need to upgrade kubectl to 1.12.9, 1.13.6, and 1.14.2 or later.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A security researcher has discovered a new flaw in the open-source container orchestration platform Kubernetes. If exploited, hackers could use the flaw to place malware onto workstations through the containers tar binary, resulting in the ability to potentially re-write paths. Charles Holmes from Atredis Partners discovered the most recent problem as part of a security&#8230;<\/p>\n","protected":false},"author":45,"featured_media":19291,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","pmpro_default_level":"","footnotes":""},"categories":[1158],"tags":[3374,1614,112],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>New Kubernetes security flaw discovered - DevOps Online North America<\/title>\n<meta name=\"description\" content=\"Kubernetes security flaw: A new flaw has been discovered in the security of Kubernetes and has lead to the platform being potentially exposed to hackers.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Kubernetes security flaw discovered - DevOps Online North America\" \/>\n<meta property=\"og:description\" content=\"Kubernetes security flaw: A new flaw has been discovered in the security of Kubernetes and has lead to the platform being potentially exposed to hackers.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/\" \/>\n<meta property=\"og:site_name\" content=\"DevOps Online North America\" \/>\n<meta property=\"article:published_time\" content=\"2019-06-26T10:53:27+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-06-26T13:05:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/devopsnews.online\/wp-content\/uploads\/2019\/06\/kubernetes.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2048\" \/>\n\t<meta property=\"og:image:height\" content=\"1367\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"grace barnott\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@DevOpsAmerica\" \/>\n<meta name=\"twitter:site\" content=\"@DevOpsAmerica\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"grace barnott\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/\"},\"author\":{\"name\":\"grace barnott\",\"@id\":\"https:\/\/devopsnews.online\/#\/schema\/person\/13f07bc13309191f2e656ba88b8aab63\"},\"headline\":\"New Kubernetes security flaw discovered\",\"datePublished\":\"2019-06-26T10:53:27+00:00\",\"dateModified\":\"2019-06-26T13:05:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/\"},\"wordCount\":241,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/devopsnews.online\/#organization\"},\"image\":{\"@id\":\"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/devopsnews.online\/wp-content\/uploads\/2019\/06\/kubernetes.jpg\",\"keywords\":[\"kubectl\",\"Kubernetes\",\"security\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/\",\"url\":\"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/\",\"name\":\"New Kubernetes security flaw discovered - DevOps Online North America\",\"isPartOf\":{\"@id\":\"https:\/\/devopsnews.online\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/devopsnews.online\/wp-content\/uploads\/2019\/06\/kubernetes.jpg\",\"datePublished\":\"2019-06-26T10:53:27+00:00\",\"dateModified\":\"2019-06-26T13:05:29+00:00\",\"description\":\"Kubernetes security flaw: A new flaw has been discovered in the security of Kubernetes and has lead to the platform being potentially exposed to hackers.\",\"breadcrumb\":{\"@id\":\"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/#primaryimage\",\"url\":\"https:\/\/devopsnews.online\/wp-content\/uploads\/2019\/06\/kubernetes.jpg\",\"contentUrl\":\"https:\/\/devopsnews.online\/wp-content\/uploads\/2019\/06\/kubernetes.jpg\",\"width\":2048,\"height\":1367,\"caption\":\"Updating Kubernetes\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/devopsnews.online\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New Kubernetes security flaw discovered\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/devopsnews.online\/#website\",\"url\":\"https:\/\/devopsnews.online\/\",\"name\":\"DevOps Online North America\",\"description\":\"by 31 Media Ltd.\",\"publisher\":{\"@id\":\"https:\/\/devopsnews.online\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/devopsnews.online\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/devopsnews.online\/#organization\",\"name\":\"DevOps Online North America\",\"url\":\"https:\/\/devopsnews.online\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/devopsnews.online\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/devopsnews.online\/wp-content\/uploads\/2020\/03\/DevOpsOnline_email.png\",\"contentUrl\":\"https:\/\/devopsnews.online\/wp-content\/uploads\/2020\/03\/DevOpsOnline_email.png\",\"width\":198,\"height\":64,\"caption\":\"DevOps Online North America\"},\"image\":{\"@id\":\"https:\/\/devopsnews.online\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/DevOpsAmerica\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/devopsnews.online\/#\/schema\/person\/13f07bc13309191f2e656ba88b8aab63\",\"name\":\"grace barnott\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/devopsnews.online\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/45f56545d23ef0b82f250c1ba53817b2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/45f56545d23ef0b82f250c1ba53817b2?s=96&d=mm&r=g\",\"caption\":\"grace barnott\"},\"sameAs\":[\"http:\/\/31media.co.uk\"],\"url\":\"https:\/\/devopsnews.online\/author\/grace-barnott31media-co-uk\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New Kubernetes security flaw discovered - DevOps Online North America","description":"Kubernetes security flaw: A new flaw has been discovered in the security of Kubernetes and has lead to the platform being potentially exposed to hackers.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/","og_locale":"en_US","og_type":"article","og_title":"New Kubernetes security flaw discovered - DevOps Online North America","og_description":"Kubernetes security flaw: A new flaw has been discovered in the security of Kubernetes and has lead to the platform being potentially exposed to hackers.","og_url":"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/","og_site_name":"DevOps Online North America","article_published_time":"2019-06-26T10:53:27+00:00","article_modified_time":"2019-06-26T13:05:29+00:00","og_image":[{"width":2048,"height":1367,"url":"https:\/\/devopsnews.online\/wp-content\/uploads\/2019\/06\/kubernetes.jpg","type":"image\/jpeg"}],"author":"grace barnott","twitter_card":"summary_large_image","twitter_creator":"@DevOpsAmerica","twitter_site":"@DevOpsAmerica","twitter_misc":{"Written by":"grace barnott","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/#article","isPartOf":{"@id":"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/"},"author":{"name":"grace barnott","@id":"https:\/\/devopsnews.online\/#\/schema\/person\/13f07bc13309191f2e656ba88b8aab63"},"headline":"New Kubernetes security flaw discovered","datePublished":"2019-06-26T10:53:27+00:00","dateModified":"2019-06-26T13:05:29+00:00","mainEntityOfPage":{"@id":"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/"},"wordCount":241,"commentCount":0,"publisher":{"@id":"https:\/\/devopsnews.online\/#organization"},"image":{"@id":"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/#primaryimage"},"thumbnailUrl":"https:\/\/devopsnews.online\/wp-content\/uploads\/2019\/06\/kubernetes.jpg","keywords":["kubectl","Kubernetes","security"],"articleSection":["Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/","url":"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/","name":"New Kubernetes security flaw discovered - DevOps Online North America","isPartOf":{"@id":"https:\/\/devopsnews.online\/#website"},"primaryImageOfPage":{"@id":"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/#primaryimage"},"image":{"@id":"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/#primaryimage"},"thumbnailUrl":"https:\/\/devopsnews.online\/wp-content\/uploads\/2019\/06\/kubernetes.jpg","datePublished":"2019-06-26T10:53:27+00:00","dateModified":"2019-06-26T13:05:29+00:00","description":"Kubernetes security flaw: A new flaw has been discovered in the security of Kubernetes and has lead to the platform being potentially exposed to hackers.","breadcrumb":{"@id":"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/#primaryimage","url":"https:\/\/devopsnews.online\/wp-content\/uploads\/2019\/06\/kubernetes.jpg","contentUrl":"https:\/\/devopsnews.online\/wp-content\/uploads\/2019\/06\/kubernetes.jpg","width":2048,"height":1367,"caption":"Updating Kubernetes"},{"@type":"BreadcrumbList","@id":"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/devopsnews.online\/"},{"@type":"ListItem","position":2,"name":"New Kubernetes security flaw discovered"}]},{"@type":"WebSite","@id":"https:\/\/devopsnews.online\/#website","url":"https:\/\/devopsnews.online\/","name":"DevOps Online North America","description":"by 31 Media Ltd.","publisher":{"@id":"https:\/\/devopsnews.online\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/devopsnews.online\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/devopsnews.online\/#organization","name":"DevOps Online North America","url":"https:\/\/devopsnews.online\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/devopsnews.online\/#\/schema\/logo\/image\/","url":"https:\/\/devopsnews.online\/wp-content\/uploads\/2020\/03\/DevOpsOnline_email.png","contentUrl":"https:\/\/devopsnews.online\/wp-content\/uploads\/2020\/03\/DevOpsOnline_email.png","width":198,"height":64,"caption":"DevOps Online North America"},"image":{"@id":"https:\/\/devopsnews.online\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/DevOpsAmerica"]},{"@type":"Person","@id":"https:\/\/devopsnews.online\/#\/schema\/person\/13f07bc13309191f2e656ba88b8aab63","name":"grace barnott","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/devopsnews.online\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/45f56545d23ef0b82f250c1ba53817b2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/45f56545d23ef0b82f250c1ba53817b2?s=96&d=mm&r=g","caption":"grace barnott"},"sameAs":["http:\/\/31media.co.uk"],"url":"https:\/\/devopsnews.online\/author\/grace-barnott31media-co-uk\/"}]}},"_links":{"self":[{"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/posts\/19288"}],"collection":[{"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/users\/45"}],"replies":[{"embeddable":true,"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/comments?post=19288"}],"version-history":[{"count":0,"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/posts\/19288\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/media\/19291"}],"wp:attachment":[{"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/media?parent=19288"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/categories?post=19288"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devopsnews.online\/wp-json\/wp\/v2\/tags?post=19288"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}