#PodSecurity

Azure Kubernetes Bug Lays Open Cluster Secrets

by

August 20, 2024 at 05:14PM Microsoft addressed a critical privilege escalation vulnerability in its Azure Kubernetes Service (AKS). Attackers could gain access to credentials and perform malicious actions in affected AKS clusters. The vulnerability, which did not require special privileges, led to unauthorized access to cluster contents. Security teams should audit AKS configurations and take … Read more

Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints

by

March 14, 2024 at 07:57AM Akamai issued a warning about a high-severity Kubernetes vulnerability, CVE-2023-5528, affecting default installations. The issue allows arbitrary code execution with System privileges on Windows endpoints when creating a pod with a local volume. Akamai provided a PoC exploit and advised upgrading to Kubernetes version 1.28.4, even for clusters without Windows … Read more