Kubernetes, the most popular solution for deploying, scaling, and managing container applications, found the first major vulnerability.
The problem was the ID CVE-2018-1002105 and gained 9.8 points out of 10 possible on the scale CVSS.
The vulnerability was discovered by the specialists of Rancher Labs, which develops Kubernetes-as-a-Service solution Rancher. The bug allowed the attacker to connect to the backend API using a specially prepared network request, and then to send arbitrary requests to the backend itself. The affected Kubernetes installations allowed all of this to be done using the TLS credentials for the API server.
Worse, the default settings allow the API to be used by both authenticated and unauthenticated users, meaning that anyone can exploit the vulnerability. Also, researchers warn that such unauthorized requests are not reflected in the logs of the API-server, that is, it is not easy to detect an attack. It is necessary to search for information about such requests in Kubelet, and it is practically impossible to distinguish malicious activity from usual authorized requests and proxiations.
It is reported that the problem affected versions 1.0. x-1.9. x, 1.10.0-1.10.10, 1.11.0-1.11.4 and 1.12.0-1.12.2. Currently, the developers have already released the corrected versions v 1.10.11, v 1.11.5, v 1.12.3 and v 1.13.0-RC. 1., respectively.
Red Hat developers reported that the bug was a threat to OpenShift products and prepared their own vulnerability report, as well as a series of security bulletins and videos explaining how the attack works.
“The problem of escalation of privileges allows any user to get full Administrator privileges in any node, running in the Kubernetes. It’s very serious. An attacker could not only steal sensitive data or embed malicious code, but could also attack production applications and services because of the company’s firewall”, Red Hat experts emphasize.