Friday, March 15, 2024

A Kubernetes security issue could have allowed full-blown Microsoft Windows node takeovers

Default installations of Kubernetes were vulnerable to a high-severity flaw, which allowed threat actors to remotely execute code with elevated privileges. 

Researchers from Akamai discovered the flaw, which has since been patched, uncovering what’s now known as “insufficient input sanitization in in-tree storage plugin”, a flaw that’s tracked as CVE-2023-5588. 

It carries a severity score of 7.2, and impacts all versions of kubelet, including 1.8.0 and newer.

Multiple vulnerabilities

"The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster," Akamai explained. "To exploit this vulnerability, the attacker needs to apply malicious YAML files on the cluster.

A user, with the ability to create pods and persistent volumes on Windows nodes, could elevate their privileges to admin status on those nodes, Kubernetes explained on GitHub. As a result, they might be able to completely take over all Windows nodes in a cluster. 

The vulnerability was patched in mid-November last year, so make sure you bring your kubelet to one of these versions:

v1.28.4 v1.27.8 v1.26.11 v1.25.16

In September 2023, Akamai’s researchers found a similar flaw - a command injection vulnerability that could be exploited with a malicious YAML file in the cluster. That flaw, now tracked as CVE-2023-3676, and with a severity score of 8.8, was the one that paved the way for today’s findings, the researchers explained.  

“The lack of sanitization of the subPath parameter in YAML files that creates pods with volumes opens up an opportunity for a malicious injection,” they said. “This was the original finding, but at the tail end of that research, we noticed a potential place in the code that looked like it could lead to another command injection vulnerability. After several tries, we managed to achieve a similar outcome.”

For businesses, verifying Kubernetes configuration YAMLs is “crucial”, as input sanitization is “lacking in several code areas in Kubernetes itself”.

Via The Hacker News

More from TechRadar Pro



from TechRadar - All the latest technology news https://ift.tt/o72dQqD

No comments:

Post a Comment

AMD could be plotting a move to include 3D V-cache in its next ThreadRipper CPU — here’s what we know so far

Changes in the BIOS manual of the ASUS TRX motherboard have sparked rumors 3D V-Cache capabilities could be coming to new AMD APUs The...