New Kubernetes Vulnerabilities Allow Distant Assaults on Home windows Endpoints

Sep 13, 2023THNKubernetes / Cloud Safety

Kubernetes Vulnerabilities

Three interrelated high-severity safety flaws found in Kubernetes might be exploited to attain distant code execution with elevated privileges on Home windows endpoints inside a cluster.

The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and affect all Kubernetes environments with Home windows nodes. Fixes for the vulnerabilities have been released on August 23, 2023, following accountable disclosure by Akamai on July 13, 2023.

“The vulnerability permits distant code execution with SYSTEM privileges on all Home windows endpoints inside a Kubernetes cluster,” Akamai safety researcher Tomer Peled said in a technical write-up shared with The Hacker Information. “To take advantage of this vulnerability, the attacker wants to use a malicious YAML file on the cluster.”


Amazon Web Services (AWS), Google Cloud, and Microsoft Azure have all launched advisories for the bugs, which have an effect on the next variations of Kubelet –

  • kubelet < v1.28.1
  • kubelet < v1.27.5
  • kubelet < v1.26.8
  • kubelet < v1.25.13, and
  • kubelet < v1.24.17

In a nutshell, CVE-2023-3676 permits an attacker with ‘apply’ privileges — which makes it potential to work together with the Kubernetes API — to inject arbitrary code that might be executed on distant Home windows machines with SYSTEM privileges.

“CVE-2023-3676 requires low privileges and, subsequently, units a low bar for attackers: All they should have is entry to a node and apply privileges,” Peled famous.


Identity is the New Endpoint: Mastering SaaS Security in the Modern Age

Dive deep into the way forward for SaaS safety with Maor Bin, CEO of Adaptive Protect. Uncover why id is the brand new endpoint. Safe your spot now.

Supercharge Your Skills

The vulnerability, together with CVE-2023-3955, arises on account of an absence of enter sanitization, thereby enabling a specifically crafted path string to be parsed as a parameter to a PowerShell command, successfully resulting in command execution.

CVE-2023-3893, then again, pertains to a case of privilege escalation within the Container Storage Interface (CSI) proxy that permits a malicious actor to acquire administrator entry on the node.

“A recurring theme amongst these vulnerabilities is a lapse in enter sanitization within the Home windows-specific porting of the Kubelet,” Kubernetes safety platform ARMO highlighted final month.

“Particularly, when dealing with Pod definitions, the software program fails to adequately validate or sanitize consumer inputs. This oversight allows malicious customers to craft pods with setting variables and host paths that, when processed, result in undesired behaviors, reminiscent of privilege escalation.”

Discovered this text fascinating? Observe us on Twitter and LinkedIn to learn extra unique content material we publish.