low

Multiple issues in AWS IAM Authenticator for Kubernetes

Published Tue, Oct 6th, 2020

Platforms

Summary

Amazon Elastic Kubernetes Service (EKS) uses IAM to provide authentication to the cluster through the AWS IAM Authenticator for Kubernetes (aws-iam-authenticator). Multiple issues were identified in the authenticator that could have allowed exploitation, namely (1) a lax regular expression used to verify presigned URLs; (2) HTTP client redirect follow (due to using Golang HTTP client in its default configuration); (3) use of the Golang URL.Query function (which silently drops parameters that Go considers invalid, rather than raising an error and rejecting invalid tokens); and (4) no verification that the cluster uses Go versions newer than 1.12 (as older versions are vulnerable to request smuggling).

Affected Services

EKS

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://bugs.chromium.org/p/project-zero/issues/detail?id=2066 https://github.com/kubernetes-sigs/aws-iam-authenticator/pull/341

Contributed by https://github.com/korniko98

Entry Status

Finalized

Disclosure Date

Wed, Jul 15th, 2020

Exploitability Period

Known ITW Exploitation

Detection Methods

None

Piercing Index Rating

Discovered by

Felix Wilhelm, Google

More vulnerabilities...

high

Google Cloud Shell XSS to RCE Vulnerability

A vulnerability in Google Cloud Shell allowed escalation from XSS to full instance takeover as root. The attack exploited an XSS in the markdown preview functionality to read sensitive files, obtai...

Omar EspinoOct 1, 2020

low

S3 bucket tagging not restricted

Lack of the privilege s3:PutBucketTagging did not restrict the ability to tag S3 buckets.

Ian MckaySep 28, 2020

low

Encryption SDK vulnerabilities

AWS KMS and all versions of AWS Encryption SDKs prior to version 2.0.0 were susceptible to information leakage (an attacker could create ciphertexts that would leak the user’s AWS account ID, encry...

Thai Duong (thaidn), GoogleSep 28, 2020

View all