Nov 11, 2022
Grafana Labs published a security advisory for a new critical vulnerability in its open-source product. The vulnerability, marked as CVE-2022-39328, enables attackers to bypass authorization on arbitrary service endpoints.
A fix is already available: affected 9.2.x installations should be updated to 9.2.4.
According to the Grafana Labs release:
“Summary: An internal security audit identified a race condition in the Grafana codebase, which allowed an unauthenticated user to query an arbitrary endpoint in Grafana. A race condition in the HTTP context creation could result in an HTTP request being assigned the authentication/authorization middleware of another call. Under heavy load, it is possible that a call protected by a privileged middleware receives the middleware of a public query instead. As a result, an unauthenticated user can successfully query protected endpoints. The CVSS score for this vulnerability is 9.8 Critical.
Impact: Unauthenticated users can query arbitrary endpoints with malicious intent.”
Grafana released a fix: version 9.2.4.
Team Kubescape has developed a dedicated control – C-0090 – in the ARMOBest framework. It can verify whether your system has vulnerable Grafana versions that might be exploited by this CVE.
Run the control now and check your system:
kubescape scan control C-0090
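A minimal version check of the kind such a control performs, added here as an illustration (not Kubescape's or Grafana's code). It assumes only the advisory's affected range, 9.2.x before 9.2.4, and runs over a constructed list of container image references; the Grafana image names it recognises are an assumption.

```python
import re
from typing import Optional, Tuple

# Affected range from the advisory: 9.2.x releases earlier than 9.2.4.
AFFECTED_MINOR = (9, 2)
FIXED = (9, 2, 4)

# Assumed image names that ship Grafana (not an exhaustive list).
GRAFANA_IMAGES = {"grafana", "grafana-enterprise", "grafana-oss"}

# Constructed sample references, as they would appear in pod specs.
SAMPLE_IMAGES = [
    "grafana/grafana:9.2.3",
    "docker.io/grafana/grafana:9.2.4",
    "grafana/grafana-enterprise:9.2.0-ubuntu",
    "grafana/grafana:9.1.8",
    "registry.example:5000/grafana/grafana:9.2.1",
    "grafana/grafana@sha256:" + "a" * 64,
    "nginx:1.25",
]

def parse_image(ref: str) -> Tuple[str, Optional[str], Optional[str]]:
    """Split an image reference into (repository, tag, digest)."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    repo, tag = ref, None
    # A colon after the last '/' is a tag; an earlier one is a registry port.
    if ref.rfind(":") > ref.rfind("/"):
        repo, tag = ref.rsplit(":", 1)
    return repo, tag, digest

def parse_version(tag: str) -> Optional[Tuple[int, int, int]]:
    """Read MAJOR.MINOR.PATCH from tags like 9.2.3, v9.2.3 or 9.2.0-ubuntu."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)", tag)
    return (int(m[1]), int(m[2]), int(m[3])) if m else None

def assess(ref: str) -> str:
    """Classify one reference: vulnerable, not-affected, unknown or not-grafana."""
    repo, tag, _digest = parse_image(ref)
    if repo.rsplit("/", 1)[-1] not in GRAFANA_IMAGES:
        return "not-grafana"
    ver = parse_version(tag) if tag else None
    if ver is None:
        return "unknown"  # digest-only, untagged or non-semver tag: version not visible
    return "vulnerable" if ver[:2] == AFFECTED_MINOR and ver < FIXED else "not-affected"

if __name__ == "__main__":
    for image in SAMPLE_IMAGES:
        print(f"{assess(image):13} {image}")
```

Digest-pinned or untagged images are reported as unknown because the reference alone does not reveal the version; those need to be resolved against the registry or the running binary.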
To stay up to date, make sure to subscribe to our blog.