The Kubernetes Security Operations Center has released a list of eight existing vulnerabilities in Kubernetes that IT teams need to focus on as they are the most likely to be exploited by malicious actors, Cloud Native Now reports.
These include the vulnerability designated CVE-2021-3121, which is linked to a flaw in the Kubernetes GoGo protobuf compiler in versions earlier than 1.3.2. The flaw involves using a malicious protobuf message to cause a panic, potentially leading to information disclosure, denial of service, or data manipulation against the victim.
Another flaw, designated CVE-2020-8559, has had multiple proofs-of-concept already disclosed. The vulnerability can enable an attacker to intercept and redirect certain upgrade requests to the kubelet. This may then allow them to obtain the credentials necessary to gain control of other nodes and essentially gain privilege escalation and lateral movement capabilities. The flaw's severity may be escalated in cases where multiple clusters share the same certificate authority.
KSOC reveals top Kubernetes vulnerabilities