CVE-2023-5528: Your Kubernetes cluster is affected by remote code execution

Upgrade your systems before it's too late.

Security experts recently released information about a fixed high-severity vulnerability in Kubernetes, which, under certain circumstances, can allow an attacker to remotely execute code with elevated privileges.

"The vulnerability allows remote code execution with system privileges on all Windows endpoints in the Kubernetes cluster," explained Tomer Peled, a security researcher at Akamai. "To exploit this vulnerability, an attacker needs to apply malicious YAML files to the cluster."

The vulnerability, identified as CVE-2023-5528 and rated 7.2 on the CVSS scale, affects all kubelet versions starting from 1.8.0. The issue was fixed in updates released on November 14, 2023, for kubelet versions 1.28.4, 1.27.8, 1.26.11 and 1.25.16.

Kubernetes developers noted in their message that the vulnerability concerns clusters that use built-in storage plugins for Windows nodes, and can lead to full control over all Windows nodes in the cluster. This is due to the use of unsafe function calls and the lack of sanitization of user input, in particular when working with Kubernetes local volumes.

Akamai explained that an attacker can use a specially prepared path parameter in a YAML file to inject and execute commands using the "&&" command separator. In response to the vulnerability, the Kubernetes team replaced the command line call with a native Go function that performs the same operation without the possibility of injection.
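The paragraph above describes the defect (a user-supplied local volume path reaching a shell command) and the fix (a native Go call in place of the shell). As an added illustration, not code from Kubernetes or from Akamai, the following Go program shows the kind of admission-side check a cluster operator can run over PersistentVolume manifests while patching is still in progress: it rejects any local volume path that contains shell metacharacters, ".." segments, or that is not absolute. The manifests, the `ValidateLocalVolumePath` and `CheckManifest` functions, and the metacharacter list are all constructed for this example; the manifests are JSON because the Go standard library has no YAML parser and kubectl accepts JSON manifests as well. This check does not replace upgrading kubelet; the real fix is that the node no longer shells out at all.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// Characters that must never appear in a host path that a node component
// might hand to cmd.exe or sh. "&&" is the separator named in the advisory;
// the rest belong to the same injection class. (Constructed list for this
// example, not a Kubernetes constant.)
const shellMeta = "&|;<>`$\"'\n\r\x00"

// isWindowsAbs recognises drive-letter paths such as C:\data, which
// filepath.IsAbs rejects when the checker itself runs on Linux.
func isWindowsAbs(p string) bool {
	if len(p) < 3 {
		return false
	}
	c := p[0]
	isLetter := (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
	return isLetter && p[1] == ':' && (p[2] == '\\' || p[2] == '/')
}

// ValidateLocalVolumePath accepts only absolute paths made of ordinary
// path characters. Hypothetical admission check, not Kubernetes code.
func ValidateLocalVolumePath(p string) error {
	if p == "" {
		return errors.New("local.path is empty")
	}
	if strings.ContainsAny(p, shellMeta) {
		return fmt.Errorf("local.path %q contains shell metacharacters", p)
	}
	if strings.Contains(p, "..") {
		return fmt.Errorf("local.path %q contains a parent-directory segment", p)
	}
	if !filepath.IsAbs(p) && !isWindowsAbs(p) {
		return fmt.Errorf("local.path %q is not absolute", p)
	}
	return nil
}

// persistentVolume models only the fields this check needs.
type persistentVolume struct {
	Kind string `json:"kind"`
	Spec struct {
		Local *struct {
			Path string `json:"path"`
		} `json:"local"`
	} `json:"spec"`
}

// CheckManifest parses a JSON-encoded PersistentVolume and validates any
// local volume path it declares. Manifests without a local volume pass.
func CheckManifest(doc []byte) error {
	var pv persistentVolume
	if err := json.Unmarshal(doc, &pv); err != nil {
		return fmt.Errorf("parse manifest: %w", err)
	}
	if pv.Kind != "PersistentVolume" || pv.Spec.Local == nil {
		return nil
	}
	return ValidateLocalVolumePath(pv.Spec.Local.Path)
}

// Constructed sample manifests: one ordinary Windows local volume and one
// whose path smuggles a second command behind the "&&" separator.
const BenignManifest = `{"kind":"PersistentVolume","metadata":{"name":"pv-ok"},
  "spec":{"capacity":{"storage":"1Gi"},"accessModes":["ReadWriteOnce"],
  "local":{"path":"C:\\data\\vol1"}}}`

const SuspiciousManifest = `{"kind":"PersistentVolume","metadata":{"name":"pv-bad"},
  "spec":{"capacity":{"storage":"1Gi"},"accessModes":["ReadWriteOnce"],
  "local":{"path":"C:\\data\\vol1 && echo injected"}}}`

func main() {
	for name, doc := range map[string]string{"benign": BenignManifest, "suspicious": SuspiciousManifest} {
		if err := CheckManifest([]byte(doc)); err != nil {
			fmt.Printf("%s: REJECT: %v\n", name, err)
		} else {
			fmt.Printf("%s: ok\n", name)
		}
	}
}
```

The same `ValidateLocalVolumePath` function can sit behind a validating admission webhook so that a manifest with a crafted path is refused before it ever reaches a kubelet; the point of the native-function fix in Kubernetes is that, once patched, the path is no longer interpreted by a shell even if such a check is absent.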

It is worth noting that Kubernetes quite often becomes a target for hackers, largely because certain vulnerabilities pop up there with enviable frequency. For example, at the end of January, we wrote about the Sys:All vulnerability, which allows you to gain control over a Kubernetes cluster using a Google account.

These incidents of vulnerabilities in Kubernetes highlight the importance of timely software updates to address identified security vulnerabilities. Developers can quickly fix the detected vulnerabilities, but ultimately the responsibility lies with system administrators, who must immediately apply the released updates to ensure the security of their systems.

Maintaining up-to-date and secure software is a key aspect of cybersecurity, especially in the context of mission-critical systems such as Kubernetes.