
Not sure if this is a topic for Kubernetes Korner or Cyber Security Space.


Microsoft has found a security vulnerability in Azure Arc which allows attackers, if they find out the randomly generated DNS name, to elevate their privileges to those of a cluster administrator.
This has been given an impressive CVSS score of 10 from 10.

In addition, Azure Stack Edge devices are also affected by this issue.

Azure Arc can be used to connect and manage Kubernetes clusters in different locations.
So with this vulnerability an attacker could gain control over the Kubernetes clusters.

Remediation

If you have auto-upgrade enabled (default), then you should already be safe.
If not, or if you want to check anyway, the following agent versions are protected against this vulnerability, according to Microsoft:

  • 1.5.8 and above
  • 1.6.19 and above
  • 1.7.18 and above
  • 1.8.11 and above

For Azure Stack Edge, you must update to release 2209 (software version 2.2.2088.5593).

More information and a detailed description to check whether you're affected can be found here:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37968
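An added example (not from the post or from Microsoft) for checking a cluster's Arc agent version against the four patched lines above. The point it demonstrates is that the check must be per minor line: 1.6.5 is numerically above 1.5.8 but is still below its own line's fix at 1.6.19. It assumes the version string is obtained separately (e.g. from the agent metadata the Arc CLI reports) and that minor lines newer than 1.8 shipped after the fix.

```python
# Minimum patched Azure Arc agent version for each minor line, as listed in the post.
PATCHED_MINIMUMS = {
    (1, 5): (1, 5, 8),
    (1, 6): (1, 6, 19),
    (1, 7): (1, 7, 18),
    (1, 8): (1, 8, 11),
}


def parse_version(text):
    """Turn 'v1.6.19' or '1.6.19' into the tuple (1, 6, 19)."""
    parts = text.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised agent version: {text!r}")
    return tuple(int(p) for p in parts)


def is_patched(version_text):
    """True if this agent version is at or above the fix for its own minor line."""
    major, minor, patch = parse_version(version_text)
    line = (major, minor)
    if line in PATCHED_MINIMUMS:
        return (major, minor, patch) >= PATCHED_MINIMUMS[line]
    if line > max(PATCHED_MINIMUMS):
        return True   # assumption: lines newer than 1.8 were released after the fix
    return False      # no patched release is listed for lines older than 1.5


def unpatched_clusters(inventory):
    """Return the names of clusters whose agent version still needs the update."""
    return sorted(name for name, ver in inventory.items() if not is_patched(ver))


if __name__ == "__main__":
    # Constructed sample inventory: cluster name -> reported Arc agent version.
    sample = {"prod-east": "1.8.11", "prod-west": "1.6.5",
              "staging": "v1.7.18", "lab": "1.5.7"}
    print("Needs update:", unpatched_clusters(sample))  # → ['lab', 'prod-west']
```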


To me it belongs here since it is security related. Thanks for sharing.


Great share 👍


Yes, Azure Arc is a Microsoft-only tool it would seem and also allows you to control physical servers and VMs, so better here even if the vulnerability only allows escalation on AKS clusters in my opinion.

Interesting description of Arc here: https://learn.microsoft.com/en-us/azure/azure-arc/overview

