A Kubernetes security issue could have allowed full-blown Microsoft Windows node takeovers


Default installations of Kubernetes were vulnerable to a high-severity flaw, which allowed threat actors to remotely execute code with elevated privileges. 

Researchers from Akamai discovered the flaw, which has since been patched, uncovering what’s now known as “insufficient input sanitization in in-tree storage plugin”, a flaw that’s tracked as CVE-2023-5588. 

It carries a severity score of 7.2, and impacts all versions of kubelet, including 1.8.0 and newer.

Multiple vulnerabilities

"The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster," Akamai explained. "To exploit this vulnerability, the attacker needs to apply malicious YAML files on the cluster."

A user, with the ability to create pods and persistent volumes on Windows nodes, could elevate their privileges to admin status on those nodes, Kubernetes explained on GitHub. As a result, they might be able to completely take over all Windows nodes in a cluster. 

The vulnerability was patched in mid-November last year, so make sure you bring your kubelet to one of these versions:

v1.28.4, v1.27.8, v1.26.11, v1.25.16
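
One way to check a cluster against the fixed releases listed above, as an added example that is not code from Akamai, Kubernetes or the original article. It reads node data in the shape of `kubectl get nodes -o json`; the sample nodes are constructed, and treating release lines newer than 1.28 as fixed is an assumption.

```python
import re

# Fixed kubelet releases listed in the article, keyed by (major, minor) line.
PATCHED = {(1, 28): 4, (1, 27): 8, (1, 26): 11, (1, 25): 16}
NEWEST_LISTED = max(PATCHED)

def kubelet_status(version):
    """Classify one kubeletVersion string such as 'v1.27.6'."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return "unknown"
    major, minor, patch = map(int, m.groups())
    line = (major, minor)
    if line in PATCHED:
        return "patched" if patch >= PATCHED[line] else "unpatched"
    if line > NEWEST_LISTED:
        return "patched"  # assumption: newer release lines include the fix
    return "unpatched"  # older line: no fixed release in the article's list

def audit_windows_nodes(node_list):
    """Return {node name: status} for the Windows nodes in a NodeList dict."""
    results = {}
    for node in node_list.get("items", []):
        labels = node["metadata"].get("labels", {})
        if labels.get("kubernetes.io/os") != "windows":
            continue  # the issue described here affects Windows nodes
        version = node["status"]["nodeInfo"]["kubeletVersion"]
        results[node["metadata"]["name"]] = kubelet_status(version)
    return results

def _node(name, os_name, version):
    """Build one constructed sample node (not real cluster data)."""
    return {"metadata": {"name": name, "labels": {"kubernetes.io/os": os_name}},
            "status": {"nodeInfo": {"kubeletVersion": version}}}

# Constructed sample in the shape of `kubectl get nodes -o json`.
SAMPLE = {"items": [
    _node("win-a", "windows", "v1.28.3"),
    _node("win-b", "windows", "v1.27.8"),
    _node("win-c", "windows", "v1.24.17"),
    _node("linux-a", "linux", "v1.26.2"),
]}

if __name__ == "__main__":
    for name, status in audit_windows_nodes(SAMPLE).items():
        print(f"{name}: {status}")
```

Against a live cluster, pass the parsed output of `kubectl get nodes -o json` to `audit_windows_nodes` in place of `SAMPLE`.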

In September 2023, Akamai’s researchers found a similar flaw - a command injection vulnerability that could be exploited with a malicious YAML file in the cluster. That flaw, now tracked as CVE-2023-3676, and with a severity score of 8.8, was the one that paved the way for today’s findings, the researchers explained.  

“The lack of sanitization of the subPath parameter in YAML files that creates pods with volumes opens up an opportunity for a malicious injection,” they said. “This was the original finding, but at the tail end of that research, we noticed a potential place in the code that looked like it could lead to another command injection vulnerability. After several tries, we managed to achieve a similar outcome.”

For businesses, verifying Kubernetes configuration YAMLs is “crucial”, as input sanitization is “lacking in several code areas in Kubernetes itself”.
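
A manifest review along those lines, as an added example that is not Akamai's or Kubernetes' own code: it walks a parsed manifest, finds every `volumeMounts` entry at any depth, and reports `subPath` values that fall outside a conservative allowlist. The allowlist, the function names and the sample Deployment are assumptions made for this illustration.

```python
import re

# Assumption: plain relative sub-paths need only letters, digits, '.', '_',
# '-' and '/' separators; any other character is reported for human review.
SAFE_SUBPATH = re.compile(r"[A-Za-z0-9._/-]+")

def find_volume_mounts(obj, path=""):
    """Yield (json_path, mount) for each volumeMounts entry at any depth,
    so Pods, Deployments, Jobs and List wrappers are all covered."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            here = f"{path}.{key}" if path else key
            if key == "volumeMounts" and isinstance(value, list):
                for i, mount in enumerate(value):
                    yield f"{here}[{i}]", mount
            else:
                yield from find_volume_mounts(value, here)
    elif isinstance(obj, list):
        for i, item in enumerate(obj):
            yield from find_volume_mounts(item, f"{path}[{i}]")

def review_subpaths(manifest):
    """Return [(json_path, value)] for subPath values outside the allowlist."""
    findings = []
    for where, mount in find_volume_mounts(manifest):
        sub = mount.get("subPath") if isinstance(mount, dict) else None
        if not sub:
            continue  # unset or empty subPath mounts the volume root
        if not isinstance(sub, str) or not SAFE_SUBPATH.fullmatch(sub):
            findings.append((where, sub))
    return findings

# Constructed sample: a Deployment as parsed from JSON or YAML.
SAMPLE = {"kind": "Deployment", "spec": {"template": {"spec": {
    "initContainers": [
        {"name": "init", "volumeMounts": [{"name": "data", "subPath": "init"}]}],
    "containers": [
        {"name": "app", "volumeMounts": [
            {"name": "data", "subPath": "logs/app"}]},
        {"name": "sidecar", "volumeMounts": [
            {"name": "data", "subPath": "cache;constructed-example"}]}],
}}}}

if __name__ == "__main__":
    for where, value in review_subpaths(SAMPLE):
        print(f"review {where}: subPath={value!r}")
```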

Via The Hacker News


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
