Proof-of-Concept Released for Kubernetes Vulnerabilities Exposing Windows Nodes

Threat Level

Vulnerability Report

For a detailed threat advisory, download the pdf file here

Summary

Three interconnected high-severity security vulnerabilities have been identified in Kubernetes. These vulnerabilities could potentially be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. Notably, a proof of concept for this vulnerability is a YAML file that includes the execution of a PowerShell command, illustrating the severity of the issue.

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.