Some systems contain multitudes—of ways for attackers to access your data.
In late March, cybersecurity firm Wiz discovered a security flaw in Kubernetes, the open-source container system that’s used worldwide. The vulnerability, which affected the admission control component of Ingress NGINX Controller for Kubernetes, could allow remote code execution.
Ami Luttwak, CTO and co-founder at Wiz, told IT Brew that the company found that around 43% of cloud environments were exposed to the vulnerability. Specifically, Wiz’s report found “6,500 clusters, including Fortune 500 companies, that publicly expose vulnerable Kubernetes ingress controllers’ admission controllers to the public internet.”
“We scanned for exposed Kubernetes clusters, meaning Kubernetes clusters that have at least one service exposed to the internet,” Luttwak said. “This means that attackers are able to access or connect to that Kubernetes environment.”
The admission controller, Wiz found, was accessible without authentication. Through it, Ingress NGINX allowed a configuration to be injected remotely, an escalation of privileges that would let attackers execute arbitrary code.
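The exposure Wiz measured was clusters whose admission controller could be reached from the public internet. The following is an added example, not code from the article, from Wiz or from the Kubernetes project: a small static check, run over the JSON that `kubectl get svc -A -o json` produces, that flags any ingress-nginx admission webhook Service reachable from outside the cluster. It assumes the upstream manifest's naming (a Service whose name ends in `controller-admission`, or that carries a port named `https-webhook`) and treats `LoadBalancer`, `NodePort` and `spec.externalIPs` as external exposure; the sample Service list below is constructed.

```python
"""Flag ingress-nginx admission webhook Services that are reachable from outside the cluster.

Added example, not from the article or the Kubernetes project. Assumptions:
the admission webhook is fronted by a Service named *-controller-admission or
carrying a port named https-webhook (upstream manifest defaults; adjust for a
customised deployment). Input is the JSON shape of `kubectl get svc -A -o json`.
"""
import json
import sys
from typing import Optional

ADMISSION_NAME_SUFFIX = "controller-admission"   # assumed upstream naming
WEBHOOK_PORT_NAME = "https-webhook"              # assumed upstream port name
EXTERNAL_TYPES = {"LoadBalancer", "NodePort"}    # Service types that leave the cluster network


def is_admission_service(svc: dict) -> bool:
    """Heuristic match on the Service name or on its webhook port name."""
    name = svc.get("metadata", {}).get("name", "")
    ports = svc.get("spec", {}).get("ports", [])
    return name.endswith(ADMISSION_NAME_SUFFIX) or any(
        p.get("name") == WEBHOOK_PORT_NAME for p in ports
    )


def exposure_reason(svc: dict) -> Optional[str]:
    """Return why the Service is externally reachable, or None if it is ClusterIP-only."""
    spec = svc.get("spec", {})
    svc_type = spec.get("type", "ClusterIP")
    if svc_type in EXTERNAL_TYPES:
        return f"type={svc_type}"
    if spec.get("externalIPs"):
        return "externalIPs=" + ",".join(spec["externalIPs"])
    return None


def find_exposed_admission_services(service_list: dict) -> list:
    """Walk a ServiceList and report admission webhook Services that are exposed."""
    findings = []
    for svc in service_list.get("items", []):
        if not is_admission_service(svc):
            continue
        reason = exposure_reason(svc)
        if reason:
            meta = svc["metadata"]
            findings.append({"namespace": meta.get("namespace"), "name": meta["name"], "reason": reason})
    return findings


# Constructed sample: one correctly scoped deployment and two exposed webhooks.
SAMPLE_SERVICES = {
    "kind": "ServiceList",
    "items": [
        {   # the data-plane Service: public by design, not the webhook
            "metadata": {"namespace": "ingress-nginx", "name": "ingress-nginx-controller"},
            "spec": {"type": "LoadBalancer", "ports": [{"name": "http", "port": 80}, {"name": "https", "port": 443}]},
        },
        {   # the webhook kept on ClusterIP: only the API server can reach it
            "metadata": {"namespace": "ingress-nginx", "name": "ingress-nginx-controller-admission"},
            "spec": {"type": "ClusterIP", "ports": [{"name": "https-webhook", "port": 443}]},
        },
        {   # webhook published on every node's port
            "metadata": {"namespace": "edge", "name": "edge-ingress-controller-admission"},
            "spec": {"type": "NodePort", "ports": [{"name": "https-webhook", "port": 443, "nodePort": 30443}]},
        },
        {   # renamed Service, still identifiable by its port, with an external IP attached
            "metadata": {"namespace": "legacy", "name": "webhook-svc"},
            "spec": {"type": "ClusterIP", "externalIPs": ["203.0.113.10"], "ports": [{"name": "https-webhook", "port": 443}]},
        },
    ],
}


def main() -> None:
    # Pipe real output in (`kubectl get svc -A -o json | python3 check.py`) or use the sample.
    data = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_SERVICES
    for f in find_exposed_admission_services(data):
        print(f"EXPOSED {f['namespace']}/{f['name']} ({f['reason']})")


if __name__ == "__main__":
    main()
```

The check reads declared configuration only: a `NodePort` behind a strict perimeter firewall may be unreachable in practice, and a `ClusterIP` can still be reached from a compromised pod, which is why the usual hardening is to keep the webhook on `ClusterIP`, add a NetworkPolicy that admits only the API server, and apply the patched controller release.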
Lock it down. Wiz reported the vulnerability to Kubernetes, which had patched it by the time the report was released on Mar. 24. Tabitha Sable, a member of the Kubernetes Security Response Committee, told IT Brew that the vulnerability, if exploited, could allow access to clusters and expose valuable information. That is a matter of course, she said, but there are other dangers that are more pressing.
“It’s also possible to imagine a very vulnerable environment where it would be important to set your fork down in the middle of dinner and take care of it, which highlights the value of defense in depth,” Sable said.
Luttwak told IT Brew that he was pleased to see how quickly Kubernetes acted to patch the vulnerability. The process wasn't easy, he said, but the community came together.
“Everyone took it very seriously, but it also took time because it’s a very, very severe vulnerability,” Luttwak said. “They had to rethink and redesign how to handle this entire service.”
As a widely used open-source platform, Kubernetes does run into problems, but its advocates tend to take a proactive approach to solving them. Vulnerabilities in the system related to Microsoft Azure led to a patch in December. Sable told IT Brew that Kubernetes has utility, the kind that leads to staying power, and that its flexibility as a platform for building on leaves it well set up for quick and effective repair.
“Kubernetes is less a product you use and more a platform for building platforms, and the fact that it has that adaptability to people’s different environments is key to the success that it’s had,” she said. “It doesn’t necessarily solve your problems for you, but it gives you a good suite of tools to make the solutions that you need.”