FlagThis

According to Akamai researcher Tomer Peled, who discovered the flaw, the 'Log Query' mechanism does not properly validate and sanitize the parameter, allowing attackers to execute arbitrary code. The vulnerability only impacts clusters using Windows nodes with the beta logging feature turned on. The Kubernetes project has issued a security advisory with instructions on how to update, advising administrators to check cluster audit logs for suspicious inputs. While the number of deployments with this specific configuration is thought to be low, it highlights the importance of rigorous security testing for new features.

Share:

• ciso2ciso.com: Information on a vulnerability in Kubernetes that allows a remote attacker to execute commands on all Windows endpoints.
• The Register: News about a Kubernetes vulnerability allowing remote code execution on Windows nodes.
• Pyrzout :vm:: Don’t want your Kubernetes Windows nodes hijacked? Patch this hole now – Source: go.theregister.com
• go.theregister.com: Report on a Kubernetes command injection flaw that grants system-level privileges on Windows nodes.
• The Register - Software: Don't want your Kubernetes Windows nodes hijacked? Patch this hole now
• : Akamai : Akamai discloses vulnerability details for , which they says allows for remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster. To exploit this vulnerability, the cluster must be configured to run the new logging mechanism "Log Query." The vulnerability can be triggered with a simple GET request to the remote node. Successful exploitation of this vulnerability can lead to full takeover on all Windows nodes in a cluster. Akamai provides a proof-of-concept curl command and discuss possible mitigations.

Classification:

• HashTags: #Kubernetes #RCE #WindowsNodes
• Company: Kubernetes
• Target: Kubernetes Windows Nodes
• Product: Kubernetes
• Feature: Remote Code Execution
• Type: Vulnerability
• Severity: Major