Privilege escalation security hole in Kubernetes

Darren Shepherd of Rancher Labs has found a severe security vulnerability in Kubernetes.

The vulnerability allows specially crafted requests to establish a connection through the Kubernetes API server to backend servers (such as aggregated API servers and kubelets), and send arbitrary requests over this connection to the backend, authenticated with the Kubernetes API server’s TLS credentials used to establish the backend connection.

All Kubernetes-based services and products, including Red Hat OpenShift products are affected. Red Hat's Ashesh Badani comments on the security hole CVE-2018-1002105: "This is a big deal. Not only can this actor steal sensitive data or inject malicious code, but they can also bring down production applications and services from within an organization’s firewall."

Kubernetes versions 1.10.11, 1.11.5 and 1.12.3 have been released with fixes for the vulnerability.