SYSTEM-level command injection via API parameter *chef’s kiss*
A now-fixed command-injection bug in Kubernetes can be exploited by a remote attacker to gain code execution with SYSTEM privileges on all Windows endpoints in a cluster, and thus fully take over those systems, according to Akamai researcher Tomer Peled.…
This article has been indexed from The Register – Security