Can't Be Contained: Finding a Command Injection Vulnerability in Kubernetes

Akamai·Tomer Peled·about 1 month ago

Tomer Peled is a Security Researcher at Akamai. In his daily job, he conducts research ranging from vulnerability research to OS internals. In his free time, he likes to cook, do Krav Maga, and game on his PC.

Editorial and additional commentary by Tricia Howard

Executive summary

Akamai security researcher Tomer Peled recently discovered a high-severity vulnerability in Kubernetes that was assigned CVE-2023-3676 with a CVSS score of 8.8.

This discovery led to the identification of two more vulnerabilities as they share the same root cause: insecure function call and lack of user input sanitization.

The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster. To exploit this vulnerability, the attacker needs to apply a malicious YAML file on the cluster.…
