A Kubernetes security issue could have allowed full-blown Microsoft Windows
Blog

A Kubernetes security issue could have allowed full-blown Microsoft Windows

A Kubernetes security issue could have allowed full-blown Microsoft Windows node takeovers

 

Default installations of Kubernetes were vulnerable to a high-severity flaw, which allowed threat actors to remotely execute code with elevated privileges.

Researchers from Akamai discovered the flaw, which has since been patched, uncovering what’s now known as “insufficient input sanitization in in-tree storage plugin”, a flaw that’s tracked as CVE-2023-5588.

It carries a severity score of 7.2, and impacts all versions of kubelet, including 1.8.0 and newer.

Multiple vulnerabilities

“The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster,” Akamai explained. “To exploit this vulnerability, the attacker needs to apply malicious YAML files on the cluster.

A user, with the ability to create pods and persistent volumes on Windows nodes, could elevate their privileges to admin status on those nodes, Kubernetes explained on GitHub. As a result, they might be able to completely take over all Windows nodes in a cluster.

The vulnerability was patched in mid-November last year, so make sure you bring your kubelet to one of these versions:

v1.28.4 v1.27.8 v1.26.11 v1.25.16

In September 2023, Akamai’s researchers found a similar flaw – a command injection vulnerability that could be exploited with a malicious YAML file in the cluster. That flaw, now tracked as CVE-2023-3676, and with a severity score of 8.8, was the one that paved the way for today’s findings, the researchers explained.

“The lack of sanitization of the subPath parameter in YAML files that creates pods with volumes opens up an opportunity for a malicious injection,” they said. “This was the original finding, but at the tail end of that research, we noticed a potential place in the code that looked like it could lead to another command injection vulnerability. After several tries, we managed to achieve a similar outcome.”

For businesses, verifying Kubernetes configuration YAMLs is “crucial”, as input sanitization is “lacking in several code areas in Kubernetes itself”.

Via The Hacker News

More from TechRadar Pro

Related posts

Leave a Comment

A note to our visitors

This website has updated its privacy policy in compliance with changes to European Union data protection law, for all members globally. We’ve also updated our Privacy Policy to give you more information about your rights and responsibilities with respect to your privacy and personal information. Please read this to review the updates about which cookies we use and what information we collect on our site. By continuing to use this site, you are agreeing to our updated privacy policy.