Aqua Blog

Vulnerability Management

Docker Image Scanning

Docker Image Scanning in your Codefresh Pipeline with Aqua

There are many benefits to implementing CI/CD platforms, such as enabling fast and frequent release cycles of software and applications, but with great speed comes great responsibility. It is crucial to add security controls around container image creation and deployment to ensure that your applications are …

Continue reading ›
VulnerabilitySheildBlog-F1

Mitigating Container Image Vulnerabilities with Aqua Vulnerability Shield™

Managing known vulnerabilities in container images has been one of the first issues to get the attention of organizations that adopt containers. Knowing what vulnerabilities (CVEs) lurk in your image code is important, but fixing or patching the images that contain vulnerabilities has been a challenge, since it’s …

Continue reading ›
Kubernetes CVE-2019-1002100

Mitigating the Kubernetes API Server Patch Permission DoS Vulnerability (CVE-2019-1002100)

A new medium severity vulnerability in the open source Kubernetes has been disclosed (CVE-2019-1002100) that can, if exploited, lead to a denial-of-service on the K8s API server, which in turn may lead to the cluster becoming inoperable.

The best mitigation is to remove the “patch” permissions from untrusted users, …

Continue reading ›
Severe-Privilege--BLOG-650_315.png

Severe Privilege Escalation Vulnerability in Kubernetes (CVE-2018-1002105)

Earlier this week, a severe vulnerability in Kubernetes (CVE-2018-1002105) was disclosed that allows an unauthenticated user to perform privilege escalation and gain full admin privileges on a cluster. The CVE was given the high severity score of 9.8 (out of 10) and it affects all Kubernetes versions from 1.0 …

Continue reading ›
jack-in-the-box-cve.png

"Jack-in-the-Box" Vulnerability When Unpacking Images (CVE-2018-8115)

Last week, Michael Hanselmann published details of a remote code execution vulnerability (CVE-2018-8115) that impacts Docker for Windows. As he described it: “Docker for Windows uses the Windows Host Compute Service Shim published and maintained by Microsoft. Its use of Go's “filepath.Join” function with …

Continue reading ›
Aqua’s new MicroScanner_ Free Image Vulnerability Scanner for Developers

Aqua’s MicroScanner: Free Image Vulnerability Scanner for Developers

At Aqua we’ve been working on a new, free-to-use tool for scanning your container images for package vulnerabilities. MicroScanner uses the same vulnerability database as Aqua’s best-in-class commercial scanner, so you’re getting top-notch results.

Continue reading ›
PCF banner.png

Using Aqua to Secure Applications on Pivotal Cloud Foundry

Many organizations use Pivotal Cloud Foundry (PCF), one of the world’s most powerful cloud-native platforms. PCF enables developers and operators to iterate rapidly, and help expand and launch new businesses fast, as well as deliver extraordinary user experiences to their customers.

Continue reading ›
Protecting Hybrid-Cloud Workloads Lessons from ESG Survey

Protecting Hybrid-Cloud Workloads? Lessons from ESG Survey

Today’s #1 Attack: Zero-day exploits of new and previously unknown vulnerability in apps and OSs

Container Security Top Challenges: Lack of adequate and disparate security tools, vulnerabilities in images, and the need for granular access-control between containers

Continue reading ›
ebpf vulnerability backdoor

eBPF Vulnerability (CVE-2017-16995): When the Doorman Becomes the Backdoor

Co-written by Nahman Khayet and Michael Cherny

eBPF Verifier Bypass Vulnerability

Around the last week of December a tweet by Bruce Leidl caught our eyes, since it said “Straight up unlimited R/W to all kernel memory”...

Continue reading ›
meltdown_bg.png

Do Containers Provide Better Protection Against Meltdown and Spectre?

About Meltdown and Spectre

Following the trend of ‘branding’ vulnerabilities, Meltdown and Spectre vulnerabilities (CVE-2017-5754, CVE-2017-5753, and CVE-2017-5715) are ‘brand’ names given to currently known variants of vulnerabilities of a similar nature, related to speculative execution. The general idea is …

Continue reading ›
blog-pps.png

How Aqua Scans Container Images On-Demand From The AWS Marketplace

Today we announced the availability of a new offering on AWS - our on-demand, pay-per-scan security scanner for container images is now available in the AWS Marketplace. The scanner is a full-featured version of Aqua's image scanning capabilities found in the Aqua Container Security Platform, but with a licensing …

Continue reading ›