What does the Kubernetes privilege escalation flaw mean

Bringing together powerful applications into containerized services that are open source can have their drawbacks, as recently discovered by the RedHat issued a critical Security Advisory and patches for CVE-2018-1002105, a privilege escalation flaw impacting Kubernetes.

Sumo Logic CSO, George Gerchow weighs in: "The Kubernetes vulnerability is a huge deal, even more so when you think about its scale of exposure. What makes Kubernetes great is its fundamental speed, orchestration, automation, and scale. All of those qualities become an instant detriment when a security issue arises as they rapidly extend the reach of the attack. 

With that said, any well-versed security professional would expect this to happen, as emerging technology is notoriously known to treat security as an afterthought.

Looking at it from a bigger picture, this is another example of how development and security teams need to work together through DevSecOps to establish guardrails and best practices while maintaining agility. Most organizations lack visibility into the proper security and configuration of not just its containers, but the CI/CD pipeline as a whole.”

Moving forward, developers must pay close attention to uniquely identified logs by leveraging machine learning. This will help proactively identify these potential attacks as the requests appear in the kubelet or aggregated API server logs, that would otherwise be indistinguishable from correctly authorized and proxied requests via the Kubernetes API server. If developers - and digital organizations as a whole -- are not able to correctly identify bad behavior via logs, that is a major flaw."

RedHat has been quick to respond and offers an explanatory video to help understand the flaw, which in short, would allow any user to gain full administrator privileges on any compute node being run in a Kubernetes pod.