Looney Tunables ช่องโหว่ใหม่ กระทบระบบปฏิบัติการ Linux
New Vulnerability Discovered on Google Kubernetes Engine (GKE) by Security Researchers from Palo Alto Networks’ Unit 42
Security researchers from Palo Alto Networks’ Unit 42 have recently uncovered a new vulnerability on Google Kubernetes Engine (GKE). This issue arises from the default configuration settings of FluentBit, the logging agent used in GKE that operates automatically in every cluster. Another vulnerability identified is the use of default privileges on Anthos Service Mesh (ASM). When exploited by malicious actors in a chaining attack, these vulnerabilities could potentially escalate privileges and compromise Kubernetes Clusters.
Google has released a patch to address this issue through GCP-2023-047, with patches available since December 14th. However, system administrators are required to perform a manual upgrade for Anthos Service Mesh.
Ref : https://siliconangle.com/2024/01/02/google-patches-two-vulnerabilities-left-kubernetes-engine-vulnerable-attack/