Kubelet vulnerabilities on Windows nodes: CVE-2023-3676, CVE-2023-3955 and CVE-2023-3893
Kubernetes security: three new interrelated vulnerabilities affecting the Windows versions of Kubelet and the Kubernetes...
Mar 29, 2022
Recently discovered vulnerability – CVE-2022-23648 – in containerd, a popular container runtime, allows especially containers to gain read-only access to files from the host machine. While general container isolation is expected to prevent such access, in Kubernetes, it is especially dangerous because well-known and highly sensitive files are stored in known locations on the host.
The most attractive file for the attackers to target will be the kubelet’s private key, used to communicate between node kubelet and the KubeAPI server. Kubelet is an absolutely trusted component in Kubernetes, and it can ask the KubeAPI server to provide any information stored in ETCD, such as Kubernetes Secrets, ConfigMaps, etc. This information can be exfiltrated or used locally to access protected interfaces and data assets in the Kubernetes and even the entire cloud infrastructure.
If you are running containerd versions prior to 1.6.1, 1.5.10, and 1.14.12, your cluster is susceptible to potential attacks utilizing this vulnerability.
Kubescape has developed a dedicated control – C-0087 – under the ArmoBest framework, verifying if containerd is the active CRI and checking vulnerable version numbers.
If your cluster is vulnerable, it’s highly recommended to upgrade the containerd version as soon as possible.
In the meantime, make sure that all your deployment definitions come from a trusted source and do not attempt to specify a volume referencing a suspicious path on the host machine.
Please install or update to the latest Kubescape version from GitHub or via the following command:
curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash
To scan your cluster use the following command:
kubescape scan framework armobest
Kubernetes security: three new interrelated vulnerabilities affecting the Windows versions of Kubelet and the Kubernetes...
Security researchers at ARMO have found a high-severity vulnerability in the Kyverno admission controller container...
All the main K8s vulnerabilities from 2022 consolidated into one article. Read all about it...