CyberSecurityBoard
Sponsor Register Login

Kubernetes Vulnerability Let Attackers Take Full System Control

A new vulnerability, CVE-2023-5528, has been discovered with Kubernetes.
This vulnerability is associated with a command injection vulnerability that leads to remote code execution with SYSTEM-level privileges on the compromised Windows node.
The severity for this vulnerability has been given as 7.2.
Several prerequisites are required for a threat actor to exploit this vulnerability, including applying malicious YAML files to the cluster, access to create a persistent volume that can be utilized during the command injection process, and some level of user privilege on the affected Kubernetes cluster.
Two additional vulnerabilities with the same underlying cause were identified subsequent to the identification of this one: an insecure function call and inadequate user input sanitization.
Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.
According to the Akamai report shared with Cyber Security News, this vulnerability is linked with another previously disclosed vulnerability, CVE-2023-3676, related to another command injection vulnerability.
Both of these vulnerabilities were present on the Kubernetes cluster due to insecure function calls and a lack of user input sanitization.
Further analysis revealed that these command injections existed because of the lack of sanitization on the subPath parameter in YAML files, which uses the Kubelet service to execute commands with SYSTEM-level privileges.
Since it uses a Windows command prompt, the cmd terminal concatenation can be utilized to execute additional commands alongside the original parameter.
The exploitation involves the use of local volume type and persistent volume.
Local volumes are used to allow users to mount disk partitions inside a path, whereas persistent volumes are storage resources that a cluster admin can create to provide a storage space that will last even after the lifetime of the pod.
Once a persistentVolume is created, users can ask for storage space using a persistentVolumeClaim function.
It is worth denoting that Kubernetes uses YAML files for almost all of the functions inside the Kubernetes.
Path parameter inside a YAML file can be supplied with malicious commands executed during the mounting process.
This vulnerability can be exploited on default installations of Kubernetes, and was tested against both on-prem deployments and Azure Kubernetes Service.
Kubernetes has acted swiftly upon this vulnerability and has deleted the cmd line function.
This vulnerability affects the Kubernetes version earlier than 1.28.4.
It is recommended that organizations upgrade their Kubernetes to the latest version to prevent the exploitation of this vulnerability.
The below command can be executed to check if your Kubernetes has been affected.


This Cyber News was published on gbhackers.com. Publication date: Sat, 16 Mar 2024 07:13:06 +0000


Cyber News related to Kubernetes Vulnerability Let Attackers Take Full System Control

Auditing Kubernetes with Open Source SIEM and XDR - Container technology has gained traction among businesses due to the increased efficiency it provides. In this regard, organizations widely use Kubernetes for deploying, scaling, and managing containerized applications. Organizations should audit ...
1 year ago Thehackernews.com
Rootkit Turns Kubernetes from Orchestration to Subversion - As software development focuses on continuous integration and deployment, orchestration platforms like Kubernetes have taken off, but that popularity has put them in attackers' crosshairs. Most successful attacks - at least those publicly reported - ...
1 year ago Darkreading.com
Protecting against new Kubernetes threats in 2024 and beyond - A wave of new attacks targeted Kubernetes in 2023: Dero and Monero crypto miners, Scarleteel and RBAC-Buster. Finding an initial foothold with a web app vulnerability, then moving laterally is the hallmark of a Kubernetes attack. Understanding the ...
11 months ago Venturebeat.com
Kubernetes Vulnerability Let Attackers Take Full System Control - A new vulnerability, CVE-2023-5528, has been discovered with Kubernetes. This vulnerability is associated with a command injection vulnerability that leads to remote code execution with SYSTEM-level privileges on the compromised Windows node. The ...
8 months ago Gbhackers.com
Dual Privilege Escalation Chain: Exploiting Monitoring and Service Mesh Configurations and Privileges in GKE to Gain Unauthorized Access in Kubernetes - While each issue might not result in significant damage on its own, when combined they create an opportunity for an attacker who already has access to a Kubernetes cluster to escalate their privileges. If an attacker has the ability to execute in the ...
11 months ago Unit42.paloaltonetworks.com
XM Cyber Launches Kubernetes Exposure Management to Intelligently Protect Critical Container Environments - PRESS RELEASE. HERZLIYA, Israel, Nov. 29, 2023 /PRNewswire/ - XM Cyber, the leader in hybrid cloud exposure management, today announced new capabilities that provide complete and continuous visibility into risks and vulnerabilities in Kubernetes ...
1 year ago Darkreading.com
Patch Now: Kubernetes RCE Flaw Allows Full Takeover of Windows Nodes - A security bug in the widely used Kubernetes container-management system allows attackers to remotely execute code with System privileges on Windows endpoints, potentially leading to full takeover of all Windows nodes within a Kubernetes cluster. ...
8 months ago Darkreading.com
Kubernetes DaemonSet: Monitoring in Kubernetes - That's why it makes sense to collect logs from every node and send them to some sort of central location outside the Kubernetes cluster for persistence and later analysis. A DaemonSet in Kubernetes is a specific kind of workload controller that ...
11 months ago Feeds.dzone.com
5 open-source tools for pentesting Kubernetes you should check out - Kubernetes, often called K8s, is an open-source platform designed to automate the deployment, scaling, and operations of containerized applications. Kubernetes has become a critical part of the infrastructure for many organizations. With its ...
11 months ago Helpnetsecurity.com
The Kubernetes Cost Features You Need in 2024 - In the rapidly evolving Kubernetes ecosystem, managing costs effectively is as critical as ensuring operational efficiency. To make the most of your shift to cloud native technologies in 2024, you need a roadmap to Kubernetes cost optimization, ...
11 months ago Securityboulevard.com
Guarding Kubernetes From the Threat Landscape - DZone - If compromised, attackers can exploit these broad permissions to manipulate deployments, introduce malicious code, gain unauthorized access to critical systems, steal sensitive data, or create backdoors for ongoing access. Part of the security ...
2 months ago Feeds.dzone.com
Vulnerability prioritization in Kubernetes: unpacking the complexity - One particularly significant aspect to consider is vulnerability prioritization. We'll explore practical prioritization strategies tailored to Kubernetes and discuss the significance of effective vulnerability patching. A vulnerability in a pod that ...
11 months ago Securityboulevard.com
Multiple Flaws in Google Kubernetes Engine - Google Kubernetes Engine has been detected with two flaws that a threat actor can utilize to create significant damage in case the threat actor already has access inside the Kubernetes cluster. The first issue was associated with FluentBit with ...
11 months ago Gbhackers.com
Helm: Simplifying Kubernetes Deployments - As a Kubernetes package manager, Helm greatly streamlines and simplifies deployment processes. In this article, we will delve deeply into Helm and explore how it facilitates the easier management of Kubernetes deployments. Templates: Helm uses ...
10 months ago Feeds.dzone.com
CVE-2020-4062 - In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres ...
2 years ago
Kubernetes Security: Sensitive Secrets Exposed - Cybersecurity researchers are warning of Kubernetes security issues amid the exposure of configuration secrets. Researchers believe that such attacks could be orchestrated using Kubernetes secrets exposed in public repositories as they allow access ...
11 months ago Securityboulevard.com
CVE-2021-41254 - kustomize-controller is a Kubernetes operator, specialized in running continuous delivery pipelines for infrastructure and workloads defined with Kubernetes manifests and assembled with Kustomize. Users that can create Kubernetes Secrets, Service ...
3 years ago
Aviatrix releases Distributed Cloud Firewall for Kubernetes - Aviatrix introduced Aviatrix Distributed Cloud Firewall for Kubernetes, a distributed cloud networking and network security solution for containerized enterprise applications and workloads. With this solution, Aviatrix bridges the gap between virtual ...
8 months ago Helpnetsecurity.com
CVE-2021-20218 - A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest ...
3 years ago
Don't get hacked! Apply the right vulnerability metrics to Kubernetes scans - As you read this, I'd like you to keep in mind that CVSS was never intended to be that end-all software vulnerability scoring system. Doesn't reflect actual risk - CVSS provides a base score that represents the inherent severity of a vulnerability in ...
10 months ago Securityboulevard.com
CVE-2020-7922 - X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the ...
2 months ago
Behind EB Control's Revolutionary Patented Key Management System - If you're knee-deep in the world of data security, you'd agree that the key to unlocking superior protection lies, quite literally, in the keys- the encryption keys, to be precise. When it comes to managing these critical elements to safeguard your ...
11 months ago Securityboulevard.com
Traefik Labs updates address rising Kubernetes adoption and API management - Traefik Labs has unveiled product updates that address the escalating adoption of Kubernetes and the crucial role of API management in modern digital infrastructure. The updates include a Kubernetes-native API gateway, integration of a Web ...
8 months ago Helpnetsecurity.com
Optimizing business velocity with Cisco Full-Stack Observability - Fueling digital transformation success with cost and resource optimization over applications, workloads, and components. Applications and the digital experiences they enable require cloud-based resources for which costs can easily spiral out of ...
6 months ago Feedpress.me
CVE-2022-36103 - Talos Linux is a Linux distribution built for Kubernetes deployments. Talos worker nodes use a join token to get accepted into the Talos cluster. Due to improper validation of the request while signing a worker node CSR (certificate signing request) ...
1 year ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)