{"id":19288,"date":"2019-06-26T11:53:27","date_gmt":"2019-06-26T10:53:27","guid":{"rendered":"https:\/\/www.devopsonline.co.uk\/?p=19288"},"modified":"2019-06-26T14:05:29","modified_gmt":"2019-06-26T13:05:29","slug":"new-kubernetes-security-flaw-discovered","status":"publish","type":"post","link":"https:\/\/devopsnews.online\/new-kubernetes-security-flaw-discovered\/","title":{"rendered":"New Kubernetes security flaw discovered"},"content":{"rendered":"
A security researcher has discovered a new flaw in the open-source container orchestration platform Kubernetes. If exploited, hackers could use the flaw to place malware onto workstations through the container's tar binary, resulting in the ability to potentially re-write paths.<\/p>\n Charles Holmes from Atredis Partners discovered the most recent problem as part of a security review for the Cloud Native Computing Foundation \u2013 a Kubernetes Third Party Security Audit sponsored team. The fault was found in the Kubernetes kubectl command line tool, a tool that allows the running of commands against Kubernetes clusters and lets users copy files between containers.<\/p>\n This is just one of many security issues that have affected this type of platform recently. A previous defect in March also affected the system.<\/p>\n Commenting on the security threat to the platform, Joel Smith, a representative for the Kubernetes product security committee, said that the newest defect was connected to the previous CVE-2019-1002101 flaw from March. Like the current failing, this flaw was thought to be a serious security problem.<\/p>\n The issue from March allowed malware to be infiltrated to kubectl, although it was thought that the flaw had been patched.<\/p>\n Smith commented on the link between the problems, saying: “The original fix for that issue was incomplete and a new exploit method was discovered.”<\/p>\n He said that to fix the latest security issue, users need to upgrade kubectl to 1.12.9, 1.13.6, and 1.14.2 or later.<\/p>\n","protected":false},"excerpt":{"rendered":" A security researcher has discovered a new flaw in the open-source container orchestration platform Kubernetes. If exploited, hackers could use the flaw to place malware onto workstations through the container's tar binary, resulting in the ability to potentially re-write paths. 
Charles Holmes from Atredis Partners discovered the most recent problem as part of a security…<\/p>\n","protected":false},"author":45,"featured_media":19291,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","pmpro_default_level":"","footnotes":""},"categories":[1158],"tags":[3374,1614,112],"yoast_head":"\nKubernetes security flaw<\/h3>\n