Web browsers have revolutionized the way we use the internet. They’ve escalated employee productivity, but have also opened up organizations to a plethora of security loopholes. Browsers are the easiest point of entry for hackers to exploit a system because they contain vulnerable components like plug-ins and cookies.
Today CVE-2019-5736 was announced which impacts all known versions of runc. Runc is the underlying component that creates containers in Docker, Kubernetes, and many other container systems. The full details of this vulnerability are available in the Openwall oss-security mailing. Due to the severity of this issue, exploits will not be published for another week, giving people time to patch.
Earlier today, CVE-2019-5736 was announced regarding a runC container breakout. Given the high CVSS rating of 7.2, it is imperative to quickly patch your systems.
A Docker image contains an application and all its dependencies. As it also contains the numerous binaries and libraries of an OS, it’s important to make sure no vulnerabilities exist in its root filesystem, or at least no critical or major ones. Scanning an image within a CI/CD pipeline can ensure this additional level of security.
A recently disclosed vulnerability in Kubernetes dashboard (CVE-2018-18264) exposes secrets to unauthenticated users. In this blog post we’ll explore some key takeaways regarding monitoring privilege escalation on Kubernetes.
This blog describes how Rancher and its managed kubernetes clusters can be affected by the recent announcement detailing the vulnerabilities of the proxying external IPs and dashboard.
Today we are announcing the release of StackStorm v2.9.2 and StackStorm v2.10.1. Those two patch releases fix a security issue which has been reported to us this week by one of our users (Alexandre Juma – thanks!).
It finally happened. At the start of DockerCon Europe and a week before KubeCon was set to take place in the U.S., researchers discovered the first major vulnerability within Kubernetes, the popular cloud container orchestration system.
Darren Shepherd, Rancher co-founder and Chief Architect, describes the Kubernetes critical CVE issue he discovered, how it came to a resolution, and what it says about the Kubernetes open-source community.
In the past few days, a new vulnerability was disclosed in a widely used component – jQuery File Upload plugin. A change in Apache’s Web Server security setting handling, exposed users of this plugin to an unrestricted file upload flaw. Let’s dig in on how to detect jQuery File Upload vulnerability (CVE-2018-9206) using Falco.
