cnvd - cnvd-2024-24974

cnvd-2024-24974

Vulnerability from cnvd

Title: Kubernetes输入验证错误漏洞

Description:

Kubernetes（K8s）是云原生计算基金会（Cloud Native Computing Foundation）的一个开源系统，用于自动部署、扩展和管理容器化应用程序。

Kubernetes存在安全漏洞，攻击者可利用该漏洞绕过ServiceAccount准入插件强制执行的可挂载机密策略。

Severity: 低

Patch Name: Kubernetes输入验证错误漏洞的补丁

Patch Description:

Kubernetes（K8s）是云原生计算基金会（Cloud Native Computing Foundation）的一个开源系统，用于自动部署、扩展和管理容器化应用程序。

Kubernetes存在安全漏洞，攻击者可利用该漏洞绕过ServiceAccount准入插件强制执行的可挂载机密策略。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已提供漏洞修复方案，请关注厂商主页更新： https://github.com/kubernetes/kubernetes/pull/124326

Reference: https://www.exploit-db.com/exploits/51975

Impacted products

Name
Kubernetes Kubernetes

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-3177",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-3177"
    }
  },
  "description": "Kubernetes\uff08K8s\uff09\u662f\u4e91\u539f\u751f\u8ba1\u7b97\u57fa\u91d1\u4f1a\uff08Cloud Native Computing Foundation\uff09\u7684\u4e00\u4e2a\u5f00\u6e90\u7cfb\u7edf\uff0c\u7528\u4e8e\u81ea\u52a8\u90e8\u7f72\u3001\u6269\u5c55\u548c\u7ba1\u7406\u5bb9\u5668\u5316\u5e94\u7528\u7a0b\u5e8f\u3002\n\nKubernetes\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7ServiceAccount\u51c6\u5165\u63d2\u4ef6\u5f3a\u5236\u6267\u884c\u7684\u53ef\u6302\u8f7d\u673a\u5bc6\u7b56\u7565\u3002",
  "formalWay": "\u5382\u5546\u5df2\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://github.com/kubernetes/kubernetes/pull/124326",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-24974",
  "openTime": "2024-05-30",
  "patchDescription": "Kubernetes\uff08K8s\uff09\u662f\u4e91\u539f\u751f\u8ba1\u7b97\u57fa\u91d1\u4f1a\uff08Cloud Native Computing Foundation\uff09\u7684\u4e00\u4e2a\u5f00\u6e90\u7cfb\u7edf\uff0c\u7528\u4e8e\u81ea\u52a8\u90e8\u7f72\u3001\u6269\u5c55\u548c\u7ba1\u7406\u5bb9\u5668\u5316\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nKubernetes\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7ServiceAccount\u51c6\u5165\u63d2\u4ef6\u5f3a\u5236\u6267\u884c\u7684\u53ef\u6302\u8f7d\u673a\u5bc6\u7b56\u7565\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Kubernetes\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Kubernetes Kubernetes"
  },
  "referenceLink": "https://www.exploit-db.com/exploits/51975",
  "serverity": "\u4f4e",
  "submitTime": "2024-04-25",
  "title": "Kubernetes\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2024-3177 (GCVE-0-2024-3177)

Vulnerability from cvelistv5

Published

2024-04-22 23:00

Modified

2024-09-10 20:48

Severity ?

2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-20 - Improper Input Validation

Summary

A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated.

References

▼	URL	Tags
	https://groups.google.com/g/kubernetes-security-announce/c/JxjHf7fkVd8/m/oVCzypyOAQAJ	mailing-list
	https://github.com/kubernetes/kubernetes/issues/124336	issue-tracking

Impacted products

	Vendor	Product	Version
	Kubernetes	Kubernetes	Version: 0 ≤ 1.27.12 Version: v1.28.0 - v1.28.8 Version: v1.29.0 - v1.29.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:kubernetes:kubernetes:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "kubernetes",
            "vendor": "kubernetes",
            "versions": [
              {
                "status": "affected",
                "version": "1.29.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3177",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-23T00:12:31.706727Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:33:03.250Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:05:07.568Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/kubernetes-security-announce/c/JxjHf7fkVd8/m/oVCzypyOAQAJ"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://github.com/kubernetes/kubernetes/issues/124336"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WL54MTLGMTBZZO5PYGEGEBERTMADC4WC/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/04/16/4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Kubernetes",
          "vendor": "Kubernetes",
          "versions": [
            {
              "lessThanOrEqual": "1.27.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "v1.28.0 - v1.28.8"
            },
            {
              "status": "affected",
              "version": "v1.29.0 - v1.29.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "tha3e1vl"
        }
      ],
      "datePublic": "2024-04-16T10:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eA security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account\u2019s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated.\u003c/div\u003e"
            }
          ],
          "value": "A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account\u2019s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-554",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-554 Functionality Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T20:48:09.780Z",
        "orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
        "shortName": "kubernetes"
      },
      "references": [
        {
          "tags": [
            "mailing-list"
          ],
          "url": "https://groups.google.com/g/kubernetes-security-announce/c/JxjHf7fkVd8/m/oVCzypyOAQAJ"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/kubernetes/kubernetes/issues/124336"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cdiv\u003eTo mitigate this vulnerability, upgrade Kubernetes: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://kubernetes.io/docs/tasks/administer-cluster/cluster-upgrade/\"\u003ehttps://kubernetes.io/docs/tasks/administer-cluster/cluster-upgrade/\u003c/a\u003e\u003c/div\u003e\u003c/div\u003e"
            }
          ],
          "value": "To mitigate this vulnerability, upgrade Kubernetes:  https://kubernetes.io/docs/tasks/administer-cluster/cluster-upgrade/"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
    "assignerShortName": "kubernetes",
    "cveId": "CVE-2024-3177",
    "datePublished": "2024-04-22T23:00:39.702Z",
    "dateReserved": "2024-04-01T23:49:13.716Z",
    "dateUpdated": "2024-09-10T20:48:09.780Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted