"Microsoft Plugs Gaping Hole in Azure Kubernetes Service Confidential Containers"
Microsoft warns about a vulnerability that allows hackers to take complete control of Azure Kubernetes clusters. The vulnerability, tracked as CVE-2024-29990, enables unauthenticated hackers to steal credentials and affect resources outside the security scope managed by Azure Kubernetes Service Confidential Containers (AKSCC). The Azure Kubernetes Service bug has a CVSS severity score of 9/10 and could be used to take control of confidential guests and containers beyond the network stack to which it is bound. According to Microsoft, an unauthenticated attacker can move the same workload to a machine under their control. This article continues to discuss Microsoft's warning regarding unauthenticated hackers being able to take complete control of Azure Kubernetes clusters.
Submitted by grigby1