2025-01-30 15:14:21 Pacfic
Kubernetes Windows Nodes Remote Hack - 4d
A critical vulnerability has been discovered in Kubernetes that allows remote attackers to execute commands with SYSTEM privileges on Windows nodes within a cluster. Tracked as CVE-2024-9042, this flaw stems from a command-injection bug in the 'Log Query' beta feature. This vulnerability affects Kubernetes versions prior to 1.32.1 when this beta feature is enabled. Exploitation is possible through a specifically crafted command injected via a parameter in a query to a node.
According to Akamai researcher Tomer Peled, who discovered the flaw, the 'Log Query' mechanism does not properly validate and sanitize the parameter, allowing attackers to execute arbitrary code. The vulnerability only impacts clusters using Windows nodes with the beta logging feature turned on. The Kubernetes project has issued a security advisory with instructions on how to update, advising administrators to check cluster audit logs for suspicious inputs. While the number of deployments with this specific configuration is thought to be low, it highlights the importance of rigorous security testing for new features.
ImgSrc: ciso2ciso.com
References:
- ciso2ciso.com - Information on a vulnerability in Kubernetes that allows a remote attacker to execute commands on all Windows endpoints. - 5d
- @theregister - News about a Kubernetes vulnerability allowing remote code execution on Windows nodes. - 5d
- @jos1264 - Don’t want your Kubernetes Windows nodes hijacked? Patch this hole now – Source: go.theregister.com - 4d
- go.theregister.com - Report on a Kubernetes command injection flaw that grants system-level privileges on Windows nodes. - 4d
- The Register - Software: OSes - Don't want your Kubernetes Windows nodes hijacked? Patch this hole now - 4d
- @screaminggoat - Akamai : Akamai discloses vulnerability details for , which they says allows for remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster. To exploit this vuln - 4d
Classification:
- HashTags: Kubernetes RCE WindowsNodes
- Company: Kubernetes
- Target: Kubernetes Windows Nodes
- Product: Kubernetes
- Feature: Remote Code Execution
- Type: Vulnerability
- Severity: Major