It has been reported that Kubernetes vulnerability hits top of severity scale. The security issue strikes at some of the basic reasons for the rising popularity of containers as an architecture and Kubernetes as an orchestration mechanism.The vulnerability (CVE-2018-1002105) allows for privilege escalation and can be accessed by both authorised and unauthorised users.
Gavin Millard, VP of Intelligence at Tenable explains the vulnerability and what organisations can do to protect themselves.
Gavin Millard, VP of Intelligence at Tenable:
“With the proof of concept code being published in the last 24 hours for the Kubernetes flaw, anyone running the orchestration software should consider patching as quickly as possible. Due to the nature of the vulnerability, identifying systems falling foul of the exploit will be incredibly hard, so prevention rather than detection is necessary. Fortunately Kubernetes is favoured by organisations that are agile in development and deployment, so the ability to rapidly update software is standard practice.
“Containerisation and DevOps can have incredible benefits for organisations that adopt the approach, but it’s critically important that security is baked into the transformation to the more agile approach in development and deployment. “Shifting left” or introducing security controls earlier into the development process, can ensure the benefits are realised without an increase to the attack surface or overall Cyber Exposure.”