Alert: New Kubernetes vulnerability enables remote attacks on Windows endpoints


Researchers recently disclosed three related high-severity vulnerabilities in Kubernetes that allow remote code execution with elevated privileges on the Windows nodes of a cluster.

The vulnerabilities are tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955; each carries a CVSS score of 8.8, and they affect any Kubernetes cluster that has Windows nodes (clusters with only Linux nodes are not affected). Akamai reported the issues to the Kubernetes security team on July 13, 2023, and fixes were released on August 23, 2023.

Akamai security researcher Tomer Peled said: "This vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within the Kubernetes cluster. To exploit this vulnerability, an attacker would need to apply a malicious YAML file on the cluster."

Amazon Web Services (AWS), Google Cloud, and Microsoft Azure have all issued advisories for these vulnerabilities. The two kubelet issues (CVE-2023-3676 and CVE-2023-3955) affect the following kubelet versions; CVE-2023-3893 lives in the separate csi-proxy component and is fixed in csi-proxy v1.1.3:

  • kubelet < v1.28.1
  • kubelet < v1.27.5
  • kubelet < v1.26.8
  • kubelet < v1.25.13, and
  • kubelet < v1.24.17

In short, CVE-2023-3676 allows an attacker with "apply" privileges (the ability to create pods through the Kubernetes API) to inject arbitrary code that is executed on a remote Windows node with SYSTEM privileges.

Peled also noted that CVE-2023-3676 requires very low permissions, which sets a low bar for attackers: all they need is access to the node and "apply" privileges.

Both this vulnerability and CVE-2023-3955 stem from missing input sanitization in kubelet on Windows: a crafted path string taken from the pod specification is interpolated into a PowerShell command, so PowerShell evaluates the attacker-controlled content as part of the command it runs.

CVE-2023-3893, by contrast, is a privilege-escalation flaw in the Kubernetes CSI proxy (csi-proxy), the component that performs privileged storage operations on Windows nodes on behalf of CSI drivers; it let a malicious actor gain administrator privileges on the node.

In each case the software failed to validate or sanitize user-controlled input when processing Pod definitions. That oversight lets a user who can create pods craft them with environment variables and host paths that, once processed on a Windows node, lead to privilege escalation and other consequences.
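To make the bug class behind the two kubelet CVEs concrete, here is an added Go example written for this page; it is an illustration of the pattern, not kubelet's actual code or its fix. Inside a PowerShell double-quoted string, `$(...)` is a subexpression that gets executed, so a pod-supplied path interpolated into such a string is a command injection; `-LiteralPath` only disables wildcard expansion and does not help, because interpolation has already happened by the time the cmdlet sees its argument. The example shows the unsafe construction, a single-quoted (non-interpolating) construction, and a field-level validator over a hypothetical pod-spec struct (the `podSpec` and `volumeMount` types, and the sample pod, are constructed here and are not the Kubernetes API types). Nothing is executed: the commands are only built as strings.

```go
package main

import (
	"fmt"
	"strings"
)

// Unsafe pattern (illustration of the bug class, not kubelet's literal code):
// the path is dropped into a PowerShell double-quoted string, where "$(...)",
// backticks and an embedded double quote are all interpreted by PowerShell.
func buildLinkTypeCommandUnsafe(path string) string {
	return fmt.Sprintf(`(Get-Item -LiteralPath "%s").LinkType`, path)
}

// PowerShell single-quoted strings are literal: nothing is expanded, and the
// only escape is a doubled single quote. This neutralises "$(...)", backticks
// and embedded double quotes.
func psSingleQuote(s string) string {
	return "'" + strings.ReplaceAll(s, "'", "''") + "'"
}

// validateWindowsMountPath rejects characters that mean something to PowerShell
// or cmd and have no business in a pod-supplied mount path, plus parent-directory
// references. "$" is rejected too: it is legal in Windows paths, but it is the
// injection primitive, so a pod field should not be allowed to carry it.
func validateWindowsMountPath(path string) error {
	if path == "" {
		return fmt.Errorf("empty path")
	}
	if strings.ContainsAny(path, "$`\";&|<>{}\r\n") {
		return fmt.Errorf("path %q contains PowerShell metacharacters", path)
	}
	if strings.Contains(path, "..") {
		return fmt.Errorf("path %q contains a parent-directory reference", path)
	}
	return nil
}

// Hardened construction: validate first, then quote so that even a value that
// slips past validation cannot be interpolated.
func buildLinkTypeCommandSafe(path string) (string, error) {
	if err := validateWindowsMountPath(path); err != nil {
		return "", err
	}
	return fmt.Sprintf("(Get-Item -LiteralPath %s).LinkType", psSingleQuote(path)), nil
}

// Hypothetical stand-ins for the pod fields that reach those commands.
type volumeMount struct {
	Name      string
	MountPath string
	SubPath   string
}

type podSpec struct {
	HostPaths []string      // volumes[].hostPath.path
	Mounts    []volumeMount // containers[].volumeMounts[]
}

// findInjectableFields lists the pod fields a validating admission webhook or an
// offline audit of existing manifests would reject.
func findInjectableFields(p podSpec) []string {
	var bad []string
	for i, hp := range p.HostPaths {
		if err := validateWindowsMountPath(hp); err != nil {
			bad = append(bad, fmt.Sprintf("volumes[%d].hostPath.path: %v", i, err))
		}
	}
	for _, m := range p.Mounts {
		if err := validateWindowsMountPath(m.MountPath); err != nil {
			bad = append(bad, fmt.Sprintf("volumeMounts[%s].mountPath: %v", m.Name, err))
		}
		if m.SubPath != "" {
			if err := validateWindowsMountPath(m.SubPath); err != nil {
				bad = append(bad, fmt.Sprintf("volumeMounts[%s].subPath: %v", m.Name, err))
			}
		}
	}
	return bad
}

func main() {
	// Constructed sample pod: one benign mount and one whose subPath carries a
	// PowerShell subexpression (a placeholder payload, not a working PoC).
	p := podSpec{
		HostPaths: []string{`C:\data`},
		Mounts: []volumeMount{
			{Name: "ok", MountPath: `C:\app`, SubPath: "logs"},
			{Name: "evil", MountPath: `C:\app`, SubPath: `$(Start-Process cmd.exe)`},
		},
	}
	fmt.Println("unsafe string (never executed):", buildLinkTypeCommandUnsafe(p.Mounts[1].SubPath))
	for _, b := range findInjectableFields(p) {
		fmt.Println("rejected:", b)
	}
	safe, _ := buildLinkTypeCommandSafe(`C:\data`)
	fmt.Println("safe string:", safe)
}
```

The validator is deliberately stricter than the quoting alone requires: quoting fixes the one call site you know about, while rejecting metacharacters at the API boundary also covers call sites you have not audited yet.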


Origin blog.csdn.net/web22050702/article/details/132970818