The security issue resides in the Kubernetes API server

Dec 4, 2018 21:32 GMT

A critical security issue in Kubernetes, the open source system for automating the deployment, scaling, and management of containerized applications, could allow attackers to gain full root access to compute nodes.

What makes this security issue so critical is that most Kubernetes systems can contain thousands of nodes, each managing container environments for a wide array of applications.

"In default configurations, all users (authenticated and unauthenticated) are allowed to perform discovery API calls that allow this escalation," wrote Jordan Liggitt in the original issue filed in the Kubernetes GitHub repository.

The flaw can also be exploited through pod exec/attach/portforward API calls, which can be escalated to run any API request against the kubelet API of the node named in the pod spec.

Once attackers gain cluster-admin level access to the Kubernetes service catalog, they can create brokered services on any node and in any namespace, which lets them deploy malicious code or alter any existing service.

CVE-2018-1002105 received a critical 9.8 security impact score

Moreover, according to Red Hat, "all Kubernetes-based services and products are affected" and "the privilege escalation flaw makes it possible for any user to gain full administrator privileges on any compute node being run in a Kubernetes cluster."

The privilege escalation vulnerability received a security impact score of Critical with a CVSS3 Base Score of 9.8 out of a maximum of 10 and is being tracked as CVE-2018-1002105.

Kubernetes v1.10.11, v1.11.5, v1.12.3, and v1.13.0-rc.1 have been released to fix CVE-2018-1002105; all earlier Kubernetes API server versions remain vulnerable to exploitation.
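As an added example (not from the article or the Kubernetes project), the following Python check decides whether a reported API server version predates the fixed releases listed above, handling pre-release tags such as v1.13.0-rc.1 correctly. It assumes that release branches older than 1.10 received no fix and that branches after 1.13 already carry it.

```python
import re
from typing import Optional, Tuple

# Earliest patched release per minor branch, as listed in the advisory.
FIXED_BY_BRANCH = {
    (1, 10): "v1.10.11",
    (1, 11): "v1.11.5",
    (1, 12): "v1.12.3",
    (1, 13): "v1.13.0-rc.1",
}

# vMAJOR.MINOR.PATCH[-prerelease][+build]; the build suffix is ignored.
_VER_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?(?:\+.*)?$")


def parse_version(text: str) -> Tuple[int, int, int, Optional[tuple]]:
    """Parse 'v1.12.2', '1.13.0-rc.1' or '1.11.3+coreos.0' into a tuple."""
    m = _VER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Kubernetes version: {text!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    pre = m.group(4)
    # Pre-release parts: numeric parts compare numerically, the rest as text.
    pre_key = None
    if pre:
        pre_key = tuple((0, int(p)) if p.isdigit() else (1, p) for p in pre.split("."))
    return major, minor, patch, pre_key


def sort_key(v: Tuple[int, int, int, Optional[tuple]]) -> tuple:
    """Ordering key; a pre-release sorts before the final release of the same number."""
    major, minor, patch, pre = v
    return (major, minor, patch, 0 if pre else 1, pre or ())


def is_vulnerable(version: str) -> bool:
    """True if the API server version predates the fix for CVE-2018-1002105."""
    v = parse_version(version)
    branch = (v[0], v[1])
    if branch in FIXED_BY_BRANCH:
        return sort_key(v) < sort_key(parse_version(FIXED_BY_BRANCH[branch]))
    # Assumption: branches below 1.10 got no fix; branches after 1.13 include it.
    return branch < (1, 10)


if __name__ == "__main__":
    # Constructed sample of versions as reported by 'kubectl version'.
    for sample in ("v1.12.2", "v1.12.3", "v1.13.0-beta.2", "v1.13.0-rc.1", "v1.9.11"):
        print(sample, "VULNERABLE" if is_vulnerable(sample) else "fixed")
```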

Red Hat also added, regarding potential attackers, that "Not only can this actor steal sensitive data or inject malicious code, but they can also bring down production applications and services from within an organization’s firewall."