An attacker with access to a Kubernetes cluster could chain two vulnerabilities in Google Kubernetes Engine (GKE) to escalate privileges and take over the cluster, cybersecurity firm Palo Alto Networks reports.
The issues, which may not pose a significant risk on their own, were identified in FluentBit, the default logging agent in GKE, and in Anthos Service Mesh (ASM), an optional add-on for controlling service-to-service communication within the environment.
[...]
Vulnerabilities in Google Kubernetes Engine Could Allow Cluster Takeover
Vulnerabilities in Google Kubernetes Engine Could Allow Cluster Takeover
-
rbc
- President
- Posts: 273
- Joined: Mon Oct 30, 2023 1:32 am
- Location: Vicksburg, MS
- ISC2 Member Status: Yes
- Contact:
Vulnerabilities in Google Kubernetes Engine Could Allow Cluster Takeover
Robert B. Carleton + ISC2 Central Mississippi President