Quote:Red Hat has disclosed a flaw in that was reported by the Kubernetes’ community that if left unpatched could give an unauthorized party the ability to escalate their privileges on Kubernetes installations, including Red Hat OpenShift.

The flaw, CVE-2018-1002105, is in Kubernetes 1.10 and higher and is rated as critical due to its ease of exploitation. It affects Red Hat OpenShift Container Platform 3.x, Red Hat OpenShift Online and Red Hat OpenShift Dedicated.

The vulnerability allows non-privileged users to access Kubernetes clusters and associated data. There are two potential ways of exploitation.

https://www.redhat.com/en/blog/kubernetes-privilege-escalation-flaw-innovation-still-needs-it-security-expertise