Three interrelated, high-severity security flaws have been found in Kubernetes that could be exploited to remotely execute code with root rights on Windows endpoints in a cluster.
All Kubernetes setups with Windows nodes are affected by the three vulnerabilities, CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, which have CVSS scores of 8.8. After Akamai made a responsible disclosure on July 13, 2023, fixes for the vulnerabilities were made available on August 23.
All Windows endpoints in a Kubernetes cluster are vulnerable to remote code execution with SYSTEM rights, according to a technical report shared with The Hacker News by Akamai security researcher Tomer Peled. “The attacker will need to apply a malicious YAML file to the cluster in order to exploit this issue