March 14, 2024 at 07:57AM
Akamai issued a warning about a high-severity Kubernetes vulnerability, CVE-2023-5528, affecting default installations. The issue allows arbitrary code execution with System privileges on Windows endpoints when creating a pod with a local volume. Akamai provided a PoC exploit and advised upgrading to Kubernetes version 1.28.4, even for clusters without Windows nodes.
Based on the meeting notes, it seems the main agenda was regarding a high-severity Kubernetes vulnerability known as CVE-2023-5528. This vulnerability impacts default Kubernetes installations and allows for arbitrary code execution with System privileges on all Windows endpoints in a cluster. The vulnerability arises from the way Kubernetes processes YAML files, specifically when creating a pod that includes a local volume, allowing for the mounting of disk partitions. Akamai has published proof-of-concept (PoC) exploit code for this vulnerability.
To address this issue, Kubernetes has removed the vulnerable cmd call and replaced it with a native Go function that performs only the symlink operation. It is important to note that all deployments of Kubernetes version 1.28.3 and prior with Windows nodes in the cluster are vulnerable to CVE-2023-5528. Organizations are strongly encouraged to upgrade to Kubernetes version 1.28.4 to mitigate this vulnerability. Akamai advises that even clusters without any Windows nodes should be patched as the threat is likely to remain active and the exploitation may increase.
Additionally, the meeting notes also mention related articles about dangerous Google Kubernetes Engine misconfigurations, vulnerabilities in Google Kubernetes Engine that could lead to cluster takeover, and exposure of sensitive Kubernetes secrets. It’s important to stay informed about these related issues for overall security maintenance within the organization’s Kubernetes environment.