all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Exploiting Kubernetes through Operator Injection

Add to bookmarks
Feb. 13, 2024, 7:24 p.m. | Thomas Tan

Blog - Praetorian www.praetorian.com

Intro The Kubernetes documentation describes operators as “software extensions to Kubernetes that use custom resources to manage applications and their components.” These operators automate application resource deployment and management with custom controllers tied to one or more custom resource definitions. Custom controllers create bespoke attack surfaces that attackers can target when they can control custom resource data. […]


The post Exploiting Kubernetes through Operator Injection appeared first on Praetorian.

application applications attack attackers attack surfaces can components control controllers definitions deployment documentation exploiting extensions injection kubernetes manage management operators resource resources software target vulnerability research

Visit resource

More from www.praetorian.com / Blog - Praetorian

Local Privilege Escalation Vulnerability in Ant Media Server (CVE-2024-32656) 18 hours ago | www.praetorian.com
ant application customers cve +21
MeshCentral Cross-Site Websocket Hijacking Vulnerability (CVE-2024-26135) 1 month, 4 weeks ago | www.praetorian.com
article can cross-site cswsh +17
Exploiting Kubernetes through Operator Injection 2 months, 1 week ago | www.praetorian.com
application applications attack attackers +20
Relution Remote Code Execution via Java Deserialization Vulnerability 2 months, 3 weeks ago | www.praetorian.com
application article can clients +26
Protected: Tensorflow Supply Chain Compromise via Self-Hosted Runner Attack 3 months, 1 week ago | www.praetorian.com
attack cd security ci compromise +5
Understanding the Impact of the new Apache Struts File Upload Vulnerability 4 months, 2 weeks ago | www.praetorian.com
abuse apache apache struts bug +23
SonicWall WXA – Authentication Bypass and Remote Code Execution Vulnerability 4 months, 2 weeks ago | www.praetorian.com
authentication authentication bypass bypass code +19
Analyzing the SonicWall Custom Grub LUKS Encryption Modifications 4 months, 3 weeks ago | www.praetorian.com
analysis application code code execution +17
Why Azure B2C ROPC Custom Flows Are Inherently Insecure 4 months, 4 weeks ago | www.praetorian.com
active directory administrators api authentication +23

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Open-Source Intelligence (OSINT) Policy Analyst (TS/SCI)

@ WWC Global | Reston, Virginia, United States
View on infosec-jobs.com

Security Architect (DevSecOps)

@ EUROPEAN DYNAMICS | Brussels, Brussels, Belgium
View on infosec-jobs.com

Infrastructure Security Architect

@ Ørsted | Kuala Lumpur, MY
View on infosec-jobs.com

Contract Penetration Tester

@ Evolve Security | United States - Remote
View on infosec-jobs.com

Senior Penetration Tester

@ DigitalOcean | Canada
View on infosec-jobs.com
View more jobs