high

WireServing Up Credentials in Azure Kubernetes Services

Published Mon, Aug 19th, 2024

Platforms

Summary

A vulnerability in Azure Kubernetes Services allowed attackers to escalate privileges and access cluster credentials. Affected clusters used Azure CNI for network configuration and Azure for network policy. Attackers could exploit this issue to steal data and cause financial and reputational damage. The vulnerability has been fixed by Microsoft after disclosure by Mandiant.

Affected Services

Azure Kubernetes Services

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://cloud.google.com/blog/topics/threat-intelligence/escalating-privileges-azure-kubernetes-services/

Contributed by https://github.com/korniko98

Entry Status

Stub (AI-Generated)

Disclosure Date

Exploitablity Period

Known ITW Exploitation

Detection Methods

Monitor for suspicious access to the WireServer (http://168.63.129.16) and HostGAPlugin endpoints. Implement NetworkPolicies to restrict access to these internal Azure services from within Kubernetes pods.

Piercing Index Rating

Discovered by

Nick McClendon, Daniel McNamara, Jacob Paullus, Mandiant

More vulnerabilities...

high

AWS Direct Connect route injection issue

A BGP-based feature of the AWS Direct Connect service allowed a third party to inject an incorrect route for an external IP, effectively hijacking AWS-sourced traffic. This resulted in connectivity...

Jamie Finnigan

Thu, Aug 15th, 2024

Azue Health privilege escalation via SSRF

Tenable

Tue, Aug 13th, 2024

high

Privilege Elevation Vulnerability in Entra ID

Semperis researchers discovered vulnerabilities in Microsoft applications that allowed privilege elevation in Entra ID beyond expected authorization controls. The most severe finding enabled adding...

Eric Woodruff, Semperis

Wed, Aug 7th, 2024

View all