Exploit Code for the Kubernetes Flaw Is Now Available

  • December 10, 2018

Jasper_The_Rasper
Moderator
December 10th 2018, By Ionut Ilascu
 


 
The recently disclosed critical-impact bug in Kubernetes created strong ripples in the security space of the container-orchestration system. Now, multiple demo exploits exist and come with easy-to-understand explanations.
 
The severity score of the vulnerability (CVE-2018-1002105) has been established at 9.8, just 0.2 points shy of the perfect ten. This is because one avenue of attack involves unauthenticated users who could escalate privileges and run commands that could allow them to take over entire compute nodes.
 
An attacker would have to send a specially crafted request to set up a connection to a backend server using the Kubernetes API server. By default, the system's configuration enabled users, authenticated or not, to perform API discovery calls, making a threat actor's work easier.
 
Although mitigations exist, "none can really be applied without breaking anything else in the cluster," says Twistlock security researcher Ariel Zelivansky.
 
Full Article.
