Vulnerability

Mattermost security update 5.9.1/5.8.2/4.10.9 (ESR) released

We are releasing a recommended security update via Mattermost Team Edition 5.9.1, 5.8.2 and 4.10.9 (ESR) and Mattermost Enterprise Edition 5.9.1, 5.8.2 and 4.10.9 (ESR). This security update addresses a high-level vulnerability discovered during a security research review by Leandro Chaves.

Detecting and preventing cgroups escape via SCTP - CVE-2019-3874

This week CVE-2019-3874 was discovered, which details a flaw in the Linux kernel where an attacker can circumvent cgroup memory isolation using the SCTP socket buffer. In containerised environments, this has the potential for a container running as root to create a DoS.

Detecting the Kubernetes API Server DoS Vulnerability (CVE-2019-1002100)

Recently, a new Kubernetes-related vulnerability was announced that affected the kube-apiserver. This was a denial of service vulnerability where authorized users with write permissions could overload the API server as it is handling requests. The issue is categorized as medium severity (CVSS score of 6.5) and can be resolved by upgrading the kube-apiserver to v1.11.8, v1.12.6, or v1.13.4.

Launching Vulnerability Manager Plus: Hunt down security loopholes with 100% precision

Amp up your endpoint security game with ManageEngine’s all-new Vulnerability Manager Plus. Pinpoint, prioritize, and eliminate vulnerabilities with ease. Attackers are constantly coming up with new ways to carry out exploits, making it even harder for your organization to reduce its attack surface and keep its endpoints secure.

Browser vulnerabilities: Securing against the inevitable

Web browsers have revolutionized the way we use the internet. They’ve escalated employee productivity, but have also opened up organizations to a plethora of security loopholes. Browsers are the easiest point of entry for hackers to exploit a system because they contain vulnerable components like plug-ins and cookies.

Runc CVE-2019-5736

Today CVE-2019-5736 was announced, which impacts all known versions of runc. Runc is the underlying component that creates containers in Docker, Kubernetes, and many other container systems. The full details of this vulnerability are available in the Openwall oss-security mailing. Due to the severity of this issue, exploits will not be published for another week, giving people time to patch.

Adding CVE scanning to a CI/CD pipeline

A Docker image contains an application and all its dependencies. As it also contains the numerous binaries and libraries of an OS, it’s important to make sure no vulnerabilities exist in its root filesystem, or at least no critical or major ones. Scanning an image within a CI/CD pipeline can ensure this additional level of security.