09 Dec Kubernetes Flaw is a “Huge Deal,” Lays Open Cloud Deployments
A critical privilege-escalation vulnerability (CVE-2018-1002105) has been uncovered in the Kubernetes open-source container software, which is a fixture in much of today’s cloud infrastructure. It could allow an attacker unfettered, remote access for stealing data or crashing production applications.
The issue is particularly concerning thanks to the sheer scale of the vulnerable surface. An attacker can gain deep access to cloud infrastructure, to carry out any number of nefarious actions, including data heists, installing malware, espionage and recon, or changing up production workloads for sabotage purposes.
Read more here: threatpost.com