Saturday, March 30, 2019

Kubernetes community found a “high” severity security flaw in a component of the platform

The Kubernetes community found a "high" severity security flaw in a component of the platform that could delete files on a user's workstation. The latest security blip comes on the heels of the latest Kubernetes release and the platform's first major security flaw that was announced late last year.

The latest flaw, dubbed CVE-2019-1002101, impacts the Kubernetes kubectl cp command. If compromised, the flaw could allow an attacker to write files to any path on the user's machine.

Kubectl, which is pronounced "cube-cuddle," is a command line interface (CLI) for running commands against Kubernetes clusters. It basically allows for the copying of files between containers and the user's machine.

The latest security issue was initially found earlier this month by Ariel Zelivansky, a security researcher at Twistlock. He explained that the new flaw was linked to a patch that was sent out last year.


No comments:

Post a Comment