all InfoSec news
Detecting ‘Leaky Vessels’ Exploitation in Docker and Kubernetes
Feb. 1, 2024, 4:15 p.m. | MalBot
Malware Analysis, News and Indicators - Latest topics malware.news
Summary
On January 31st 2024, Snyk announced the discovery of four vulnerabilities in Kubernetes and Docker.
CVE-2024-21626: CVSS – High, 8.6
CVE-2024-23651: CVSS – High, 8.7
CVE-2024-23652: CVSS – Critical, 10
CVE-2024-23653: CVSS – Critical, 9.8
For Kubernetes, the vulnerabilities are specific to the runc CRI. Successful exploitation allows an attacker to escape the container and gain access to the host operating system. To exploit these vulnerabilities, an attacker will need to control the Dockerfile when …
attacker cri critical cve cvss discovery docker exploitation high january kubernetes runc snyk vulnerabilities
More from malware.news / Malware Analysis, News and Indicators - Latest topics
Pay up, or else? – Week in security with Tony Anscombe
1 day, 2 hours ago |
malware.news
Malware Simulators cannot test Antivirus Software
1 day, 15 hours ago |
malware.news
FBI warns of email spoofing by North Korean threat actor Kimsuky
1 day, 21 hours ago |
malware.news
You get a passkey, you get a passkey, everyone should get a passkey
2 days, 1 hour ago |
malware.news
Jobs in InfoSec / Cybersecurity
Security Analyst
@ Northwestern Memorial Healthcare | Chicago, IL, United States
GRC Analyst
@ Richemont | Shelton, CT, US
Security Specialist
@ Peraton | Government Site, MD, United States
Information Assurance Security Specialist (IASS)
@ OBXtek Inc. | United States
Cyber Security Technology Analyst
@ Airbus | Bengaluru (Airbus)
Vice President, Cyber Operations Engineer
@ BlackRock | LO9-London - Drapers Gardens