CatOps
DevOps and other issues by Yurii Rochniak (@grem1in) - SRE @ Preply && Maksym Vlasov (@MaxymVlasov) - Engineer @ Star. Opinions are our own.

We do not post ads including event announcements. Please, do not bother us with such requests!
I know that the last thing you'd like to see on Wednesday is yet another remote code execution possibility in Kubernetes, but here you are.

Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission

and here's a lab for that.

tl;dr: web sockets use GET to initiate a connection and then upgrade it, but the permissions are only checked for GET, regardless of what you send through that web socket later. Thus, read permissions are enough to run some code.

P.S. This news came from the chat. If you want to join our chat (in Ukrainian), you can use this link.

#kubernetes #security
👍4
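An added example (not from the linked article or from this channel): a small RBAC audit that lists roles granting `get` on `nodes/proxy`, since the point above is that this read-only verb alone is enough. The role names and sample data are constructed, and the input shape assumes the output of `kubectl get clusterroles -o json`.

```python
# Constructed sample, shaped like `kubectl get clusterroles -o json` output.
SAMPLE = {
    "items": [
        {"metadata": {"name": "metrics-reader"},
         "rules": [{"apiGroups": [""],
                    "resources": ["nodes/metrics", "nodes/proxy"],
                    "verbs": ["get"]}]},
        {"metadata": {"name": "node-viewer"},
         "rules": [{"apiGroups": [""],
                    "resources": ["nodes"],
                    "verbs": ["get", "list", "watch"]}]},
        {"metadata": {"name": "wildcard-admin"},
         "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
        {"metadata": {"name": "no-rules"}, "rules": None},
    ]
}


def grants_nodes_proxy_get(rule):
    """True if a single RBAC rule allows the `get` verb on nodes/proxy."""
    groups = rule.get("apiGroups", [])
    resources = rule.get("resources", [])
    verbs = rule.get("verbs", [])
    # nodes live in the core API group, written as "" in RBAC rules.
    in_core = "" in groups or "*" in groups
    # RBAC matches "*", the exact "resource/subresource", or "*/subresource".
    hits_proxy = any(r in ("*", "nodes/proxy", "*/proxy") for r in resources)
    can_get = "get" in verbs or "*" in verbs
    return in_core and hits_proxy and can_get


def risky_roles(role_list):
    """Sorted names of roles with at least one rule granting get on nodes/proxy."""
    return sorted(
        item["metadata"]["name"]
        for item in role_list.get("items", [])
        if any(grants_nodes_proxy_get(r) for r in item.get("rules") or [])
    )


if __name__ == "__main__":
    for name in risky_roles(SAMPLE):
        print("review bindings for:", name)
```

Roles flagged this way are worth tracing to their bindings, because monitoring and metrics service accounts are often given this permission as if it were read-only.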
Some time ago, I posted here an article from a well-known company on how they use Terraform.

When I was reading that article, I had a thought: “C’mon, I also can write crap like that!”.

So I did!

I hope you like it!

#terraform #oc
🤣13👍9🔥21
For today’s Donations Monday, let’s help our friends from DevOps 01 chat to buy an EcoFlow for the 154th Separate Mechanized Brigade.

https://send.monobank.ua/jar/5fYjQVfvFA

There’s just a small push left!

#donations #Ukraine
2👎1🤬1
Hello Kubernetes Community,

Multiple issues are disclosed today in ingress-nginx, and assigned the following CVE IDs: CVE-2026-1580, CVE-2026-24512, CVE-2026-24513, CVE-2026-24514.

The most serious of these issues have been rated HIGH (CVSS calculator, score: 8.8).

https://groups.google.com/a/kubernetes.io/g/dev/c/9RYJrB8e8ts?pli=1
😁4👍1🔥1
A Friday read for y’all.

A collection of AI slop security reports to the curl project.

This eventually forced the curl team to halt their bug bounty program on Hackerone.

Here’s also a FOSDEM talk by Daniel Stenberg - the creator of curl - on how to survive the avalanche of AI generated code.

#ai #slides #fosdem
🔥5👍1
Some results of a fun testing of different LLMs to generate Terraform code.

This article is old, but they have updated the results in mid 2025. Anyways, keep in mind that since then, LLMs evolved. So, even those results are not quite correct anymore.

Still, it’s an interesting test that you can also do yourself. Another point is that LLMs are already quite usable to generate Terraform code.

#terraform #ai
🙉2
Support a friend of mine on the Frontline!

Last year, she chose the tough path: Combat Medic.
Now, she needs our help to secure critical medical supplies that can't wait for paperwork.

No donation is too small. Let’s help her save lives!

- Mono Jar: https://send.monobank.ua/jar/75jQXw6aYq
- Mono: 💳: 4874100025644306
- Privat: 💳: 5168745027810065

#donations #Ukraine
3