The JD Cloud security team recently observed that multiple vulnerabilities affecting JCS for Kubernetes have been publicly disclosed.
The JD Cloud security team recommends that you carry out a security self-check promptly. If your deployment falls within the affected scope, update and fix the problem in time to prevent exploitation by external attackers.
- CVE-2019-1002100: A user with patch permission can send a specially crafted, overly long "json-patch" request (for example via kubectl patch --type json, or any request with "Content-Type: application/json-patch+json"), causing the Kubernetes API server to exhaust its CPU and resulting in a denial of service.
- CVE-2019-1002101: A security vulnerability exists in the kubectl cp command. An attacker can abuse kubectl cp to replace or delete files on the user's workstation and to write a malicious file to any path on the user's computer.
- CVE-2019-9946: A security vulnerability exists in the Kubernetes CNI framework: a problem was found in the interaction between the CNI port-mapping plug-in and Kubernetes in versions below 0.7.5. Because the CNI port-mapping plug-in is embedded in the Kubernetes components by default, only an upgrade to a newer version of Kubernetes resolves this problem.
CVE-2019-1002100 affects: Kubernetes v1.0.x-1.10.x, v1.11.0-1.11.7, v1.12.0-1.12.5, v1.13.0-1.13.3
CVE-2019-1002101 affects: all Kubernetes versions other than 1.11.9, 1.12.7, 1.13.5, 1.14.0 or later
CVE-2019-9946 affects: all Kubernetes versions other than 1.11.9, 1.12.7, 1.13.5, 1.14.0 or later, where Kubernetes is used with a CNI configuration that includes the port-mapping plug-in
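As an added example (not JD Cloud's own tooling), the following Python script performs the version self-check the advisory asks for: it encodes the affected ranges quoted above and reports, per CVE, whether a given Kubernetes version falls inside them. Reading the live cluster version through `kubectl version -o json` and the `uses_portmap` flag are assumptions of this example.

```python
"""Self-check against the version ranges quoted above (added example, not JD Cloud tooling).
Reading the cluster version via `kubectl version -o json` is an assumption."""
import json
import re
import subprocess
from typing import Dict, Tuple

Version = Tuple[int, int, int]
# CVE-2019-1002100: last affected patch level per minor line (1.0 to 1.10 wholly affected).
LAST_AFFECTED_1002100 = {11: 7, 12: 5, 13: 3}
# CVE-2019-1002101 / CVE-2019-9946: first patched level per minor line (1.14.0+ is patched).
FIRST_FIXED_1002101 = {11: 9, 12: 7, 13: 5}

def parse_version(text: str) -> Version:
    """Pull (major, minor, patch) out of 'v1.13.3' or 'v1.12.5-gke.1' style strings."""
    m = re.search(r"v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no Kubernetes version found in {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return major, minor, patch

def affected_by_1002100(v: Version) -> bool:
    major, minor, patch = v
    if major != 1:
        return False  # the advisory only lists 1.x ranges
    return minor <= 10 or patch <= LAST_AFFECTED_1002100.get(minor, -1)

def affected_by_1002101(v: Version) -> bool:
    major, minor, patch = v
    if major != 1 or minor >= 14:
        return False
    return minor < 11 or patch < FIRST_FIXED_1002101[minor]

def check(version_text: str, uses_portmap: bool) -> Dict[str, bool]:
    """Per CVE, whether the given version falls in the advisory's affected ranges."""
    v = parse_version(version_text)
    return {
        "CVE-2019-1002100": affected_by_1002100(v),
        "CVE-2019-1002101": affected_by_1002101(v),
        # same ranges, but only relevant when the CNI port-mapping plug-in is in use
        "CVE-2019-9946": affected_by_1002101(v) and uses_portmap,
    }

if __name__ == "__main__":
    out = subprocess.check_output(["kubectl", "version", "-o", "json"], text=True)
    server = json.loads(out)["serverVersion"]["gitVersion"]
    for cve, hit in check(server, uses_portmap=True).items():  # assumes portmap in use
        print(f"{server}: {cve} {'AFFECTED' if hit else 'not affected'}")
```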
Upgrade JCS for Kubernetes to a patched (security) version.
JD Cloud team, 2019-04-08 16:35:37