@yakirkad : We discovered a way to bypass OPA Gatekeeper policies in Kubernetes due to a subtle misconfiguration - missing a trailing slash, combined with risky Rego logic. This allows attackers to bypass certain policies, leading to unauthorized image pulls in Kubernetes clusters. In our • TwiCopy

Yakir Kadkoda

@yakirkad

+ Follow

🧩 Director of Security Research at @AquaSecTeam | Black Hat & DEFCON & RSA Speaker

ID: 1469759292798603266

calendar_today11-12-2021 20:01:47

143 Tweet

234 Followers

537 Following

Yakir Kadkoda

@yakirkad

6 months ago

We discovered a way to bypass OPA Gatekeeper policies in Kubernetes due to a subtle misconfiguration - missing a trailing slash, combined with risky Rego logic. This allows attackers to bypass certain policies, leading to unauthorized image pulls in Kubernetes clusters. In our

thumb_up_off_alt3

chat_bubble_outline0

repeat1

shareShare