Kubernetes Command Injection: The Sequel Nobody Asked For!

Kubernetes patched a command injection vulnerability in its NodeLogQuery feature, but only if your bingo card includes a Windows node, log-reading permissions, and the feature enabled in “Beta”. Think of it as the cybersecurity equivalent of a unicorn sighting!

Hot Take:

Ah, Kubernetes, the gift that keeps on giving—especially if you’re into command injection vulnerabilities! While most of us are busy enjoying our pumpkin spice lattes, someone out there is trying to turn Kubernetes into their own personal command-and-control center. It’s like that one friend who always has to go and ruin the party with a terrible karaoke performance. But hey, at least this time, they need a Windows machine and some permissions. So, if you’re not on a Windows node, congratulations, you’re safe—at least until the next vulnerability comes along.

Key Points:

  • Kubernetes had a command injection vulnerability in the NodeLogQuery feature (CVE-2024-9042).
  • The exploit required the node to be running Windows and the attacker to have log-reading permissions.
  • The NodeLogQuery feature was in “Beta” and not enabled by default, reducing its prevalence.
  • New suspicious activity suggests a similar vulnerability is being exploited.
  • The current exploit uses an endpoint and pattern to perform command injection.

The Nimble Nerd