Container is a piece of software that includes various components to deploy an application.
The rising number of misconfigurations by developers and new vulnerabilities have led to a number of security compromises.
Let’s take a look at all the major container misconfigurations, exploits, and flaws that made headlines in 2019 so far.
February
Researchers disclosed a container vulnerability in runC, a portable container runtime, that potentially allows attackers to access file systems by escaping the container. This flaw is tracked as CVE-2019-5736 and requires local system access. It has been modified now.
March
Security experts released a proof-of-concept attack that involves exploiting a Linux privilege escalation vulnerability (CVE-2017-7308). After exploiting the vulnerability and using the proof-of-concept technique to infect, hackers can move laterally in the network or steal from co-hosted containers.
April
The official repository of Docker container images, Docker Hub, suffered a data breach this year, impacting the data of 190,000 users. The compromised information includes Docker Hub user names, hashed passwords, and Github and Bitbucket tokens.
Kubernetes, an open-source container orchestration system was found vulnerable to a directory traversal exploit last year, which was patched. However, it has been found that the patch is incomplete, and the attacks are still possible. The vulnerability allows attackers to steal sensitive information from the devices of Kubectl, a command-line interface for running commands against Kubernetes clusters.
May
..
Support the originator by clicking the read the rest link below.
