Subj : A Kubernetes security issue could have allowed full-blown Microso
To : All
From : TechnologyDaily
Date : Fri Mar 15 2024 18:45:06

A Kubernetes security issue could have allowed full-blown Microsoft Windows node takeovers

Date: Fri, 15 Mar 2024 18:32:49 +0000
Description: On the tail end of a previous Kubernetes flaw, Akamai finds a new, similarly dangerous one.

FULL STORY
======================================================================

Default installations of Kubernetes were vulnerable to a high-severity flaw, which allowed threat actors to remotely execute code with elevated privileges.

Researchers from Akamai discovered the flaw, which has since been patched, uncovering what's now known as "insufficient input sanitization in in-tree storage plugin", a flaw that's tracked as CVE-2023-5588. It carries a severity score of 7.2, and impacts all versions of kubelet, including 1.8.0 and newer.

Multiple vulnerabilities

"The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster," Akamai explained. "To exploit this vulnerability, the attacker needs to apply malicious YAML files on the cluster."

"A user, with the ability to create pods and persistent volumes on Windows nodes, could elevate their privileges to admin status on those nodes," Kubernetes explained on GitHub. As a result, they might be able to completely take over all Windows nodes in a cluster.

The vulnerability was patched in mid-November last year, so make sure you bring your kubelet to one of these versions:

v1.28.4
v1.27.8
v1.26.11
v1.25.16

In September 2023, Akamai's researchers found a similar flaw - a command injection vulnerability that could be exploited with a malicious YAML file in the cluster. That flaw, now tracked as CVE-2023-3676, and with a severity score of 8.8, was the one that paved the way for today's findings, the researchers explained.

"The lack of sanitization of the subPath parameter in YAML files that creates pods with volumes opens up an opportunity for a malicious injection," they said. "This was the original finding, but at the tail end of that research, we noticed a potential place in the code that looked like it could lead to another command injection vulnerability. After several tries, we managed to achieve a similar outcome."

For businesses, verifying Kubernetes configuration YAMLs is crucial, as input sanitization is lacking in several code areas in Kubernetes itself.

Via The Hacker News

======================================================================
Link to news story:
https://www.techradar.com/pro/security/a-kubernetes-security-issue-could-have-allowed-full-blown-microsoft-windows-node-takeovers

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)
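
To check a cluster against the fixed kubelet releases listed in the article, the following added example (not from the article, Akamai or the Kubernetes project) audits the Windows nodes in the output of `kubectl get nodes -o json`. The node names and versions in `SAMPLE` are constructed, and treating release lines newer than v1.28 as already fixed is an assumption.

```python
import json
import re

# Fixed kubelet releases as listed in the article, keyed by (major, minor).
FIXED = {(1, 28): 4, (1, 27): 8, (1, 26): 11, (1, 25): 16}

def classify(kubelet_version):
    """Return 'patched', 'vulnerable' or 'unknown' for one kubelet version string."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", kubelet_version)
    if not m:
        return "unknown"
    major, minor, patch = (int(x) for x in m.groups())
    if (major, minor) in FIXED:
        return "patched" if patch >= FIXED[(major, minor)] else "vulnerable"
    if (major, minor) > max(FIXED):
        # Assumption: release lines newer than those listed already carry the fix.
        return "patched"
    # Older release lines have no fixed version in the article's list.
    return "vulnerable"

def audit_windows_nodes(node_list):
    """Map Windows node name -> (kubeletVersion, status) from a NodeList dict."""
    report = {}
    for node in node_list.get("items", []):
        info = node.get("status", {}).get("nodeInfo", {})
        if info.get("operatingSystem") != "windows":
            continue  # the article describes takeover of Windows nodes only
        version = info.get("kubeletVersion", "")
        report[node["metadata"]["name"]] = (version, classify(version))
    return report

# Constructed sample shaped like `kubectl get nodes -o json` (names are made up).
SAMPLE = json.loads("""{"items": [
 {"metadata": {"name": "win-a"}, "status": {"nodeInfo":
   {"operatingSystem": "windows", "kubeletVersion": "v1.27.7"}}},
 {"metadata": {"name": "win-b"}, "status": {"nodeInfo":
   {"operatingSystem": "windows", "kubeletVersion": "v1.26.11-build.1"}}},
 {"metadata": {"name": "win-c"}, "status": {"nodeInfo":
   {"operatingSystem": "windows", "kubeletVersion": "v1.24.17"}}},
 {"metadata": {"name": "linux-a"}, "status": {"nodeInfo":
   {"operatingSystem": "linux", "kubeletVersion": "v1.26.1"}}}
]}""")

if __name__ == "__main__":
    for name, (version, status) in sorted(audit_windows_nodes(SAMPLE).items()):
        print(f"{name}\t{version}\t{status}")
```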