Kubernetes Remote Code Execution via Nodes/Proxy Get Permission(grahamhelton.com)
grahamhelton.com
Kubernetes Remote Code Execution via Nodes/Proxy Get Permission
https://grahamhelton.com/blog/nodes-proxy-rce
4 コメント
It is a know problem. The strange part for me is that they fixed it in v1.35 with the FeatureGate AuthorizePodWebsocketUpgradeCreatePermission for pods but not for nodes which have a far greater attact vector. The author also references this:
> The same behavior was fixed elsewhere
It is a problem, but in order to exploit it you need a valid token and have public kubelet endpoints or need to compromise an service within the cluster that has the required RBAC permissions. So cluster admins can cat and check their RBAC
> The same behavior was fixed elsewhere
It is a problem, but in order to exploit it you need a valid token and have public kubelet endpoints or need to compromise an service within the cluster that has the required RBAC permissions. So cluster admins can cat and check their RBAC
You don’t have to remotely compromise the service within the cluster. A supply-chain attack will do as well.
This is what freaks me out about clawdbot/molbot (whatever it’s called now)
That's rough