CVE-2020-26278 – Weave Net Pods running in host PID namespace can be used to escalate other Kubernetes vulnerabilities
https://notcve.org/view.php?id=CVE-2020-26278
Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability which can allow an attacker to take over any host in the cluster. Weave Net is supplied with a manifest that runs pods on every node in a Kubernetes cluster; these pods are responsible for managing network connections for all other pods in the cluster. This requires a lot of power over the host, and the manifest sets `privileged: true`, which gives it that power. It also set `hostPID: true`, which gave it the ability to access all other processes on the host and to write anywhere in the root filesystem of the host.

References:
https://github.com/weaveworks/weave/blob/master/CHANGELOG.md#release-280
https://github.com/weaveworks/weave/commit/a0ac81b3b4cae6d0dcaf3732fd91cedefc89f720
https://github.com/weaveworks/weave/pull/3876
https://github.com/weaveworks/weave/security/advisories/GHSA-pg3p-v8c6-c6h3

Weakness: CWE-250: Execution with Unnecessary Privileges
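The risky combination described above (a privileged container in a pod that also shares the node's PID namespace) is easy to audit for. The following is an added example, not code from the advisory or from the Weave Net project: it walks a Kubernetes workload object in the shape returned by `kubectl get ... -o json` and reports `hostPID: true` together with any privileged containers. The DaemonSet below is a constructed sample that only mimics the shape of a CNI manifest, not the real Weave Net one.

```python
# Added example: audit a Kubernetes Pod or a workload wrapping a pod template
# (Deployment, DaemonSet, ...) for hostPID shared with the node combined with
# privileged containers. Field names follow the Kubernetes API; the sample
# objects at the bottom are constructed for this example.

def pod_spec(obj):
    """Return the PodSpec of a bare Pod or of a workload's pod template."""
    if obj.get("kind") == "Pod":
        return obj.get("spec", {})
    return obj.get("spec", {}).get("template", {}).get("spec", {})

def privileged_containers(spec):
    """Names of init and regular containers that set securityContext.privileged."""
    names = []
    for key in ("initContainers", "containers"):
        for c in spec.get(key, []):
            if c.get("securityContext", {}).get("privileged") is True:
                names.append(c["name"])
    return names

def host_pid_findings(obj):
    """Return a list of finding strings; an empty list means the check passed."""
    spec = pod_spec(obj)
    findings = []
    if spec.get("hostPID") is True:
        findings.append("hostPID: true shares the node's PID namespace")
        for name in privileged_containers(spec):
            findings.append(f"container {name!r} is privileged while hostPID is set")
    return findings

# Constructed sample: a DaemonSet that shares the host PID namespace and runs
# one privileged container (the weak setting).
WEAK = {
    "kind": "DaemonSet",
    "metadata": {"name": "example-net", "namespace": "kube-system"},
    "spec": {"template": {"spec": {
        "hostPID": True,
        "hostNetwork": True,
        "containers": [
            {"name": "net", "securityContext": {"privileged": True}},
            {"name": "npc", "securityContext": {"privileged": False}},
        ],
    }}},
}

# The same workload with the hostPID key removed; the container stays privileged.
FIXED_SPEC = {k: v for k, v in WEAK["spec"]["template"]["spec"].items() if k != "hostPID"}
FIXED = {**WEAK, "spec": {"template": {"spec": FIXED_SPEC}}}

if __name__ == "__main__":
    for label, obj in (("weak", WEAK), ("fixed", FIXED)):
        print(label, host_pid_findings(obj) or ["ok"])
```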