Escrow, in short is an arrangement where a neutral third party is responsible for safekeeping the escrow assets such as funds, securities, IP, documents etc. to be released only when certain conditions are fulfilled by the parties entering into contract. Escrows can range from few days to few years depending on the nature of the deal. Banks are one of the primary escrow service providers globally and since they have presence in different geographies, they are preferred over other organizations to be the escrow agents. Read More
This Security Alert addresses CVE-2018-1210001, a vulnerability in specific versions of Kubernetes, the deployment and orchestration platform used in Omni Data Platform and XCRO.
Excerpt: With a specially crafted network request, any user can establish a connection through the Kubernetes application programming interface (API) server to a backend server. Once established, an attacker can send arbitrary requests over the network connection directly to that backend. These requests are authenticated with the Kubernetes API server’s Transport Layer Security (TLS) credentials.
This vulnerability puts the entire cluster at risk by allowing the attacker to issue unauthenticated requests via the Kubernetes API layer.
Kubernetes API server
Affected Kubernetes versions and patches:
- Kubernetes v1.10.0-1.10.10 (fixed in v1.10.11)
- Kubernetes v1.11.0-1.11.4 (fixed in v1.11.5)
- Kubernetes v1.12.0-1.12.2 (fixed in v1.12.3)
Affected CAPIOT products:
- Omni Data Platform v1.x
- XCRO v.4.x
- XCRO v.5.x
If the Kubernetes API has not been exposed outside of the cluster, or the Kubernetes environment sits in an on-prem / air gapped environment, the probability of having been attacked is significantly lesser. However it is highly recommended to upgrade your Kubernetes platform to the latest patch that has been released immediately.
Please contact email@example.com for any further assistance or details on this security alert.