Kubernetes security flaw also earns bug bounty from Microsoft

John Leyden 04 June 2020 at 13:30 UTC
Updated: 04 June 2020 at 13:40 UTC

A riddle, wrapped inside an enigma, inside a container

Security researchers earned bug bounties from both Kubernetes and Microsoft after uncovering vulnerabilities in versions of the container technology that were hosted on Microsoft Azure.

French researchers Brice Augras and Christophe Hauquiert applied a server-side request forgery (SSRF) attack to put together a privilege elevation exploit.

The duo developed the attack after setting out to prepare a talk on Kubernetes security in a managed service environment.

Dynamic exploit

The flaw (CVE-2020-8555) related to the dynamic volume provisioning technology that comes bundled with Kubernetes, and more specifically the in-core provisioning mechanism.

By messing with the provisioning process, the researchers were able to access the cloud provider’s internal resources.

This opened the gateway to various exploits, such as dumping internal credentials/privilege escalation.

“The root cause (in this case a server-side request forgery) helped us escape our customer environment on multiple providers offering [Kubernetes’] managed service,” the researchers explain in a technical blog post.

The security pros reported the vulnerabilities to Microsoft in December and Kubernetes in January.

Bug bounties were received from both organizations before disclosure of the flaw, which was initially planned in March but was postponed due to the coronavirus pandemic.

READ MORE Cloudflare tracks massive spike in cyber-attacks as protests rage against George Floyd death

Source: The Daily Swig

Leave a Reply

Your email address will not be published. Required fields are marked *