back to article Kubernetes container runtime CRI-O has make-me-root flaw

A vulnerability in the container runtime engine CRI-O can be exploited by a rogue user to gain root-level access on a host. In a Kubernetes environment powered by CRI-O, the security hole can be used by a miscreant to move through a cluster as an administrator, install malware, and cause other chaos. CrowdStrike's threat …

  1. JassMan Silver badge

    This means that anyone who can deploy a pod on a cluster using the CRI-O runtime can "abuse the kernel.core_pattern parameter to achieve container escape and arbitrary code execution as root on any node in the cluster," CrowdStrike continued.

    Ouch!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022