GKE patch necessary: hackers can control Kubernetes clusters

Google has fixed two severe vulnerabilities in Google Kubernetes Engine (GKE). Patching is wise, because an attacker who combines the two can gain control of a Kubernetes cluster.

Researchers at Palo Alto Networks came across the vulnerabilities. They discovered a problem in the configuration of FluentBit, the logging agent that runs by default on all GKE clusters. The second problem lies in the default privileges granted to Anthos Service Mesh (ASM), an optional add-on that users can enable. ASM is Google's implementation of the Istio service mesh for service-to-service communication within a GKE environment.

On their own, the two vulnerabilities have no impact. However, if an attacker exploits the FluentBit container vulnerability on a cluster where ASM is also installed, gaining control of the Kubernetes cluster becomes possible. With this access, the hacker can steal data, deploy malicious pods and disrupt the cluster's operations.

Update necessary

Given the popularity of Kubernetes, this is serious business. The container platform is widely used for deploying and managing applications. Critical applications often run within Kubernetes, so a possible cluster disruption can significantly impact an organization’s continuity.

Google quickly resolved both configuration issues on Dec. 14. The tech giant recommends manually upgrading clusters and node pools to GKE versions 1.25.16-gke.1020000, 1.26.10-gke.1235000, 1.27.7-gke.1293000 or 1.28.4-gke.1083000 or newer. Even if auto-upgrade is enabled, a manual update is worthwhile.
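A practitioner applying this advice usually wants to know which clusters still sit below the fixed versions. The script below is an added example, not code from Google or from the article: it parses GKE version strings of the form `1.27.7-gke.1293000`, compares each cluster's control-plane and node version against the patched floor for its minor line, and flags clusters that need an upgrade. It assumes input rows of the form `name master_version node_version` (the sample rows are constructed); producing such rows from `gcloud container clusters list --format='value(name,currentMasterVersion,currentNodeVersion)'` is an assumption about that tool's field names, and per-node-pool versions would need a separate query.

```python
import re

# Minimum fixed GKE versions named in the advisory, keyed by minor line.
PATCHED = {
    (1, 25): "1.25.16-gke.1020000",
    (1, 26): "1.26.10-gke.1235000",
    (1, 27): "1.27.7-gke.1293000",
    (1, 28): "1.28.4-gke.1083000",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-gke\.(\d+)$")


def parse_gke_version(version):
    """Split '1.27.7-gke.1293000' into (1, 27, 7, 1293000) for tuple comparison."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised GKE version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_patched(version):
    """True if version is at or above the fixed version on its minor line.
    Minor lines newer than 1.28 count as patched ('or newer' in the advisory);
    lines older than 1.25 have no listed fix and are conservatively reported
    as unpatched (this script's choice, not a statement from the advisory)."""
    major, minor, patch, build = parse_gke_version(version)
    if (major, minor) > (1, 28):
        return True
    floor = PATCHED.get((major, minor))
    if floor is None:
        return False
    return (major, minor, patch, build) >= parse_gke_version(floor)


def audit_clusters(rows):
    """rows: 'name master_version node_version' lines. Returns
    [(name, needs_upgrade), ...]; a cluster needs an upgrade when either
    its control plane or its nodes are below the fixed version."""
    results = []
    for row in rows:
        if not row.strip():
            continue
        name, master, node = row.split()
        results.append((name, not (is_patched(master) and is_patched(node))))
    return results


# Constructed sample rows, not real clusters.
SAMPLE = """
prod-eu 1.27.7-gke.1293000 1.27.7-gke.1293000
prod-us 1.26.10-gke.1235000 1.26.5-gke.200
legacy 1.24.17-gke.200 1.24.17-gke.200
""".strip().splitlines()

if __name__ == "__main__":
    for name, needs in audit_clusters(SAMPLE):
        print(f"{name}: {'UPGRADE' if needs else 'ok'}")
```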