Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

A Kubernetes security issue could have allowed full-blown Microsoft Windows node takeovers

Holographic representation of cloud computing over open businessman's hand.

Default installations of Kubernetes were vulnerable to a high-severity flaw, which allowed threat actors to remotely execute code with elevated privileges. 

Researchers from Akamai discovered the flaw, which has since been patched, uncovering what’s now known as “insufficient input sanitization in in-tree storage plugin”, a flaw that’s tracked as CVE-2023-5588. 

It carries a severity score of 7.2, and impacts all versions of kubelet, including 1.8.0 and newer.

Multiple vulnerabilities

"The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster," Akamai explained. "To exploit this vulnerability, the attacker needs to apply malicious YAML files on the cluster.

A user, with the ability to create pods and persistent volumes on Windows nodes, could elevate their privileges to admin status on those nodes, Kubernetes explained on GitHub. As a result, they might be able to completely take over all Windows nodes in a cluster. 

The vulnerability was patched in mid-November last year, so make sure you bring your kubelet to one of these versions:

v1.28.4 v1.27.8 v1.26.11 v1.25.16

In September 2023, Akamai’s researchers found a similar flaw - a command injection vulnerability that could be exploited with a malicious YAML file in the cluster. That flaw, now tracked as CVE-2023-3676, and with a severity score of 8.8, was the one that paved the way for today’s findings, the researchers explained.  

“The lack of sanitization of the subPath parameter in YAML files that creates pods with volumes opens up an opportunity for a malicious injection,” they said. “This was the original finding, but at the tail end of that research, we noticed a potential place in the code that looked like it could lead to another command injection vulnerability. After several tries, we managed to achieve a similar outcome.”

For businesses, verifying Kubernetes configuration YAMLs is “crucial”, as input sanitization is “lacking in several code areas in Kubernetes itself”.

Via The Hacker News

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.