CVE-2024-3177

Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin

Severity Score

2.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated.

Se descubrió un problema de seguridad en Kubernetes donde los usuarios pueden lanzar contenedores que omiten la política de secretos montables aplicada por el complemento de admisión ServiceAccount cuando usan contenedores, contenedores init y contenedores efímeros con el campo envFrom completo. La política garantiza que los pods que se ejecutan con una cuenta de servicio solo puedan hacer referencia a secretos especificados en el campo de secretos de la cuenta de servicio. Los clústeres de Kubernetes solo se ven afectados si el complemento de admisión ServiceAccount y la anotación kubernetes.io/enforce-mountable-secrets se usan junto con contenedores, contenedores init y contenedores efímeros con el campo envFrom completo.

A flaw was found in Kubernetes' kube-apiserver. This flaw allows authenticated users to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated.

*Credits: tha3e1vl

CVSS Scores

Kubernetesv3.1 2.7

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-04-01 CVE Reserved
2024-04-22 CVE Published
2024-06-08 First Exploit
2024-09-10 CVE Updated
2024-09-11 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation
CWE-213: Exposure of Sensitive Information Due to Incompatible Policies

CAPEC

CAPEC-554: Functionality Bypass

References (8)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2024/04/16/4
https://github.com/kubernetes/kubernetes/issues/124336	Issue Tracking
https://groups.google.com/g/kubernetes-security-announce/c/JxjHf7fkVd8/m/oVCzypyOAQAJ	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WL54MTLGMTBZZO5PYGEGEBERTMADC4WC

URL	Date	SRC
https://github.com/FreySolarEye/Exploit-CVE-2024-31777	2024-06-08

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-3177	2024-05-02
https://bugzilla.redhat.com/show_bug.cgi?id=2274118	2024-05-02

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Kubernetes Search vendor "Kubernetes"		Kubernetes Search vendor "Kubernetes" for product "Kubernetes"				<= 1.27.12 Search vendor "Kubernetes" for product "Kubernetes" and version " <= 1.27.12"		en		Affected