Google Cloud has mounted a flaw impacting Kubernetes that might enable an attacker to escalate their privileges.
Based on TheHackerNews, Palo Alto Networks Unit 42 found the flaw and reported it by way of Google’s Vulnerability Reward Program. Google detailed the difficulty in a safety bulletin:
An attacker who has compromised the Fluent Bit logging container might mix that entry with excessive privileges required by Anthos Service Mesh (on clusters which have enabled it) to escalate privileges within the cluster. The problems with Fluent Bit and Anthos Service Mesh have been mitigated and fixes are actually accessible. These vulnerabilities will not be exploitable on their very own in GKE and require an preliminary compromise. We’re not conscious of any cases of exploitation of those vulnerabilities.
Google recommends manually upgrading GKE to make sure clients are operating the patched model:
The next variations of GKE have been up to date with code to repair these vulnerabilities in Fluent Bit and for customers of managed Anthos Service Mesh. For safety functions, even if in case you have node auto-upgrade enabled, we suggest that you simply manually improve your cluster and node swimming pools to one of many following GKE variations or later: