CVE-2022-41939

Credential exposure when running third-party builders in knative/func

Severity Score

7.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

knative.dev/func is is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious `lifecycle` container. This issues has been patched in PR #1442, and is part of release 1.8.1. This issue only affects users who are using function buildpacks from third-parties; pinning the builder image to a specific content-hash with a valid `lifecycle` image will also mitigate the attack.

knative.dev/func es una librería cliente y CLI que permite el desarrollo y la implementación de funciones de Kubernetes. Los desarrolladores que utilizan un paquete de compilación de terceros malicioso o comprometido podrían exponer sus credenciales de registro o su conector acoplable local a un contenedor de "ciclo de vida" malicioso. Este problema se solucionó en PR #1442 y es parte de la versión 1.8.1. Este problema solo afecta a los usuarios que utilizan paquetes de funciones de terceros; fijar la imagen del generador a un hash de contenido específico con una imagen de "lifecycle" válida también mitigará el ataque.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-09-30 CVE Reserved
2022-11-19 CVE Published
2024-06-11 EPSS Updated
2024-08-03 CVE Updated
2024-08-03 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (4)

URL	Tag	Source
https://github.com/knative/func/blob/5ca77d38744d3481cc0b795f607c5859b19588fc/buildpacks/builder.go#L37-L41	Third Party Advisory
https://github.com/knative/func/releases/tag/knative-v1.8.1	Release Notes

URL	Date	SRC
https://github.com/knative/func/security/advisories/GHSA-5336-2g3f-9g3m	2024-08-03

URL	Date	SRC
https://github.com/knative/func/pull/1442	2023-03-14

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linuxfoundation Search vendor "Linuxfoundation"		Knative Func Search vendor "Linuxfoundation" for product "Knative Func"				< 1.8.1 Search vendor "Linuxfoundation" for product "Knative Func" and version " < 1.8.1"		-		Affected