
Critical Privilege Escalation Flaw Patched in Kubernetes - edejong
https://www.securityweek.com/critical-privilege-escalation-flaw-patched-kubernetes
======
edejong
Heads up, this is a critical Kubernetes security vulnerability that can be
exploited without any credentials via a network vector and without leaving a
trace.

It fixes Kubernetes issue 71411 [1]: CVE-2018-1002105: proxy request handling
in kube-apiserver can leave vulnerable TCP connections.

[https://github.com/kubernetes/kubernetes/issues/71411](https://github.com/kubernetes/kubernetes/issues/71411)

