Kubernetes were patched to fix the privilege escalation vulnerability

Recently, Kubernetes was found to have a serious security vulnerability. This vulnerability mark as CVE-2018-1002105. A malicious user can use the Kubernetes API server to connect to the backend server to send arbitrary requests and authenticate with the TLS credentials of the API server. The seriousness of this vulnerability is that it can be executed remotely, the attack is not complicated, and no user interaction or special permissions are required.

Affected components:

• Kubernetes API server

Affected versions:

• Kubernetes v1.0.x-1.9.x
• Kubernetes v1.10.0-1.10.10 (fixed in v1.10.11)
• Kubernetes v1.11.0-1.11.4 (fixed in v1.11.5)
• Kubernetes v1.12.0-1.12.2 (fixed in v1.12.3)

The worst thing is that there is no easy way for the user to detect if this vulnerability has been used. Since unauthorized requests are made through established connections, they do not appear in the Kubernetes API server audit log or server log. The request does appear in the kubelet or aggregated API server logs, but it is not distinguishable from requests that are properly authorized and proxied by the Kubernetes API server.