Kubernetes hit by major security flaw


A serious flaw in Kubernetes has been identified, and this one is so big that you should stop using it and update, immediately. Dubbed CVE-2018-1002105, the flaw allows anyone to establish a connection through the Kubernetes application programming interface (API) server to a backend server. Once connected, attackers can send arbitrary requests directly to the backend, and more importantly – these requests get authenticated with the Kubernetes API server’s Transport Layer Security (TLS) credentials.