Description
Kubernetes is prone to a local unauthorized-access vulnerability. A local attacker can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks. Kubernetes versions 1.8.x through 1.14.x are vulnerable.
Technologies Affected
- IBM Cloud Private 3.1.0
- IBM Cloud Private 3.1.1
- IBM Cloud Private 3.1.2
- IBM Cloud Private 3.2.0 CD
- Kubernetes Kubernetes 1.10.0
- Kubernetes Kubernetes 1.10.1
- Kubernetes Kubernetes 1.10.10
- Kubernetes Kubernetes 1.10.11
- Kubernetes Kubernetes 1.10.12
- Kubernetes Kubernetes 1.10.2
- Kubernetes Kubernetes 1.10.3
- Kubernetes Kubernetes 1.10.4
- Kubernetes Kubernetes 1.10.5
- Kubernetes Kubernetes 1.10.6
- Kubernetes Kubernetes 1.10.7
- Kubernetes Kubernetes 1.10.8
- Kubernetes Kubernetes 1.10.9
- Kubernetes Kubernetes 1.11.0
- Kubernetes Kubernetes 1.11.1
- Kubernetes Kubernetes 1.11.2
- Kubernetes Kubernetes 1.11.3
- Kubernetes Kubernetes 1.11.4
- Kubernetes Kubernetes 1.11.5
- Kubernetes Kubernetes 1.11.6
- Kubernetes Kubernetes 1.11.7
- Kubernetes Kubernetes 1.11.8
- Kubernetes Kubernetes 1.11.9
- Kubernetes Kubernetes 1.12.0
- Kubernetes Kubernetes 1.12.1
- Kubernetes Kubernetes 1.12.2
- Kubernetes Kubernetes 1.12.3
- Kubernetes Kubernetes 1.12.4
- Kubernetes Kubernetes 1.12.5
- Kubernetes Kubernetes 1.12.6
- Kubernetes Kubernetes 1.12.7
- Kubernetes Kubernetes 1.13.0
- Kubernetes Kubernetes 1.13.3
- Kubernetes Kubernetes 1.13.4
- Kubernetes Kubernetes 1.13.5
- Kubernetes Kubernetes 1.14.0
- Kubernetes Kubernetes 1.8.0
- Kubernetes Kubernetes 1.9.0
- Kubernetes Kubernetes 1.9.1
- Kubernetes Kubernetes 1.9.10
- Kubernetes Kubernetes 1.9.2
- Kubernetes Kubernetes 1.9.3
- Kubernetes Kubernetes 1.9.4
- Kubernetes Kubernetes 1.9.5
- Kubernetes Kubernetes 1.9.6
- Kubernetes Kubernetes 1.9.7
- Kubernetes Kubernetes 1.9.8
- Kubernetes Kubernetes 1.9.9
Recommendations
Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
To reduce the risk of exploits, allow only local and accountable individuals to access affected computers.
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].