Three high-severity Kubernetes vulnerabilities (CVE-2023-3676, CVE-2023-3893, CVE-2023-3955) could allow attackers to execute code remotely and gain control over all Windows nodes in the Kubernetes cluster. About the vulnerabilities CVE-2023-3676, discovered by Akamai researcher Tomer Peled, is a command injection vulnerability that can be exploited by applying a malicious YAML file on the cluster. “The Kubernetes framework uses YAML files for basically everything — from configuring the Container Network Interface to pod management and even secret … More

The post Kubernetes vulnerabilities allows RCE on Windows endpoints (CVE-2023-3676) appeared first on Help Net Security.