4 comments

[ 3.6 ms ] story [ 21.7 ms ] thread
A new HIGH severity vulnerability was found in Kubernetes in which users may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem. The issue is affecting the Kubelet component of Kubernetes. This vulnerability allows attackers to abuse subPath property of the volumeMounts and access the entire host file system without using the hostPath feature originally intended for this capability.
while "official" hostPath feature is intended to provide the same result, it is being watched by practically all security and compliance tools, so such access can't go unnoticed. With the subPath abuse attackers can obtain complete host file system access undetected. So it is really urgent to start scanning for this vulnerability and potential exploits until your Kubernetes version is upgraded.
Kubernetes is what happens when you let the marketing department cosplay as engineers.
well, this is probably the reason why the adoption rate of K8s is so high? and why so many organizations are using it or going to use it as their "operating system" of cloud native environments?