Security Alert: CVE-2018-1210001

Share on FacebookTweet about this on TwitterShare on LinkedInEmail this to someone

This Security Alert addresses CVE-2018-1210001, a vulnerability in specific versions of Kubernetes, the deployment and orchestration platform used in Omni Data Platform and XCRO.

Excerpt: With a specially crafted network request, any user can establish a connection through the Kubernetes application programming interface (API) server to a backend server. Once established, an attacker can send arbitrary requests over the network connection directly to that backend. These requests are authenticated with the Kubernetes API server’s Transport Layer Security (TLS) credentials.

This vulnerability puts the entire cluster at risk by allowing the attacker to issue unauthenticated requests via the Kubernetes API layer.

Affected component:

Kubernetes API server

Affected Kubernetes versions and patches:

  • Kubernetes v1.10.0-1.10.10 (fixed in v1.10.11)
  • Kubernetes v1.11.0-1.11.4 (fixed in v1.11.5)
  • Kubernetes v1.12.0-1.12.2 (fixed in v1.12.3)

Affected CAPIOT products:

  • Omni Data Platform v1.x
  • XCRO v.4.x
  • XCRO v.5.x

Mitigation:

If the Kubernetes API has not been exposed outside of the cluster, or the Kubernetes environment sits in an on-prem / air gapped environment, the probability of having been attacked is significantly lesser. However it is highly recommended to upgrade your Kubernetes platform to the latest patch that has been released immediately.

Support:

Please contact support@capiot.com for any further assistance or details on this security alert.

References:

 

CAPIOT featured in “20 Fastest Growing Companies in India”

Share on FacebookTweet about this on TwitterShare on LinkedInEmail this to someone

The CEO Magazine, featured CAPIOT’s success story in their latest edition. They spoke to Anil Kshirsagar, Founder and Executive Chairman of CAPIOT Software, to find about CAPIOT’s competitive advantage, growth momentum and many more.

In today’s world, digital industry always seems to be in motion. Pertaining to the statement, how the company maintained its momentum?

CAPIOT is a relatively young and dynamic company with highly talented employees motivated to solve challenging problems. We have grown phenomenally and exponentially in the last four years, and we also build strategic partnerships to serve the increasing demand from various industries. To read the full excerpts click here

AI in Enterprise : From Pilot to Mainstream

Share on FacebookTweet about this on TwitterShare on LinkedInEmail this to someone

I had a moment of epiphany when a couple of days back I opened the business section of ‘The Hindu’ online and the headline screamed ‘Machine learning, AI top professionals’ reskilling list’. When a newspaper so steeped in tradition starts talking about AI skills I think it’s time to take notice.

Going by the narrative in popular culture AI & ML are either going to bring about world peace by making drugs cheaper, employees more productive and internet safe for everyone or they will destroy world peace with the rise of Skynet and terminators and making almost all of redundant. Read More