On January 31st 2024, the Snyk Security Labs team identified multiple vulnerabilities, now called “Leaky Vessels”, affecting software components used on Kubernetes infrastructure to run and manage containers. Our users’ security is our top priority, and we take this matter very seriously.
These vulnerabilities can be used for container escapes – to gain access to the host operating system from the containers. The vulnerability can therefore be used to access and control data and services running on the host and other containers on the host.
We highly recommend upgrading the Kubernetes worker nodes used on all Kubernetes installations, including those on UpCloud’s Managed Kubernetes clusters.
The necessary patches have been applied to the templates used to create new worker nodes on UpCloud starting from 2024-02-02 16:00:00 UTC, meaning all newly created Kubernetes nodes are already covered. Applying the necessary changes to existing Kubernetes clusters requires actions from the cluster administrator and affected customers have been contacted directly.
If you have any concerns or require further assistance, please don’t hesitate to contact our dedicated support team.