all InfoSec news
Kubernetes vulnerability allows RCE on Windows endpoints (CVE-2023-3676)
Help Net Security www.helpnetsecurity.com
Three high-severity Kubernetes vulnerabilities (CVE-2023-3676, CVE-2023-3893, CVE-2023-3955) could allow attackers to execute code remotely and gain control over all Windows nodes in the Kubernetes cluster. About the vulnerabilities CVE-2023-3676, discovered by Akamai researcher Tomer Peled, is a command injection vulnerability that can be exploited by applying a malicious YAML file on the cluster. “The Kubernetes framework uses YAML files for basically everything — from configuring the Container Network Interface to pod management and even secret … More
The post …
akamai attackers cluster code command command injection control cve don't miss endpoints exploited file high hot stuff injection kubernetes malicious nodes rce researcher security update severity vulnerabilities vulnerability windows yaml