Author:Boris Kurktchiev

Rapid Mitigation of CVE-2023-2878 with Kyverno and Nirmata Policy Manager

A recently discovered vulnerability (CVE-2023-2878) in the secrets-store-csi-driver component of Kubernetes poses a significant security risk. If exploited, this vulnerability could result in the disclosure of sensitive service account tokens. Service account tokens function as authentication credentials, allowing applications operating within a Kubernetes cluster to…


Locked Doors, Untrusted Keys: Securing Containers in the Wake of Leaky Vessel Vulnerabilities

The recent buzz surrounding the actively exploited runc vulnerabilities “Leaky Vessels”  (CVE-2024-21626) serves as a timely reminder of two essential container security principles: image trust and comprehensive patching. Let’s delve into why these aspects are crucial for your containerized environments. Trustworthy Images are Foundational: It…


Mitigating the Latest Kubernetes NGINX Ingress Controller CVEs

Recently, a few new vulnerabilities for Kubernetes Nginx Ingress controllers have made their way across industry channels, showcasing how much of a challenge securely configuring Kubernetes can be. The vulnerabilities, tracked as CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886, were disclosed on October 27, and are listed as…