Description
Azure Active Directory Pod Identity Spoofing Vulnerability
FAQ
What can an attacker do with this vulnerability?
The AAD pod identity enables users to assign identities to pods in Kubernetes clusters and fetch them from the pods using a regular IMDS (Azure Instance Metadata Service) request. When an identity is assigned to a pod, the pod can access the IMDS endpoint and get a token for that identity. An attacker who successfully exploited this vulnerability can laterally steal the identities that are associated with different pods.
How do I know if I need to install the update?
Customers with an existing installation need to redeploy their cluster and use Azure CNI instead of the default kubenet.
For more information, please see details here:
- Configure Azure CNI networking in Azure Kubernetes Service (AKS)
- Deploy AAD Pod Identity in a Cluster with Kubenet
New installations will already have the update installed.
Updates
| Product | Article | Update |
|---|---|---|
| Microsoft Azure Kubernetes Service | | |
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
CVSS3: 5.5 Medium
Related vulnerabilities
Azure Active Directory Pod Identity Spoofing Vulnerability
Azure Active Directory Pod Identity Spoofing Vulnerability
A vulnerability in the Microsoft Azure Kubernetes service of the Windows operating system that allows an attacker to gain unauthorized access to protected information