"Attackers Chain Two Google Kubernetes Engine Bugs to Escalate Privileges"

Attackers with access to a Kubernetes cluster could exploit two vulnerabilities in the Google Kubernetes Engine (GKE) to escalate their privileges. According to Palo Alto Networks' Unit 42 research team, attackers can use this access to steal data, deploy malicious pods, and disrupt cluster operations. The first flaw is the default configuration of GKE's logging agent, FluentBit, which runs on all Kubernetes clusters by default. The second flaw is the Anthos Service Mesh (ASM) default privileges. If an attacker can execute in the FluentBit container and the cluster has ASM installed, they can create a single chain that allows them to control a Kubernetes cluster. This article continues to discuss the potential exploitation and impact of the GKE bugs. 

SC Media reports "Attackers Chain Two Google Kubernetes Engine Bugs to Escalate Privileges"

Submitted by grigby1