ControlPlane is sponsoring the first four chapters of the book, download them for free.
Running cloud native workloads on Kubernetes can be challenging: keeping them secure is even more so. Kubernetes’ complexity offers malicious in-house users and external attackers alike a large assortment of attack vectors. In this book, Andrew Martin and Michael Hausenblas review Kubernetes defaults and threat models and shows how to protect against attacks.
Based on our combined 10+ years of hands-on experience designing, running, attacking, and defending Kubernetes-based workloads and clusters, we want to equip you, the cloud native security practitioner, with what you need to be successful in your job.
We both have served in different companies and roles, gave training sessions, and published material from tooling to blog posts as well as have shared lessons learned on the topic in various public speaking engagements. Much of what motivates us here and the examples we use are rooted in experiences we made in our day-to-day jobs and/or saw at customers.
Unless noted, these CVEs are patched, and are here to serve only as a historical reference. See also @rasene’s HackMD.
CVE-2017-1002101 - Subpath volume mount mishander. Containers using subpath volume mounts with any volume type (including nonprivileged pods subject to file permissions) can access files/directories outside of the volume including the host’s filesystem.
CVE-2017-1002102 - Downward API host filesystem delete. Containers using a Secret, ConfigMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.
CVE-2017-5638 - (Non-Kubernetes) Apache Struts invalid
header parsing failure, allowing arbitrary code execution. The bug in
the Jakarta Multipart parser registered the input as OGNL code,
converted it to an executable, and moved it to the server’s temporary
CVE-2018-1002105 - API server websocket TLS tunnel
error mishandling. Incorrect error response handling of proxied upgrade
requests in the
kube-apiserver allowed specially crafted requests to
establish a connection through the Kubernetes API server to backend
servers. Subsequent arbitrary requests over the same connection transit
directly to the backend authenticated with the Kubernetes API server’s
runc hostile image AppArmor
bypass. Allows AppArmor restriction bypass because
libcontainer/rootfs_linux.go incorrectly checks mount targets, and
thus a malicious Docker image can mount over a
allows attackers to overwrite the host
runc binary (and consequently
obtain host root access) by leveraging the ability to execute a command
as root within one of these types of containers: (1) a new container
with an attacker-controlled image, or (2) an existing container, to
which the attacker previously had write access, that can be attached
with docker exec. This occurs because of file-descriptor mishandling,
related to /proc/self/exe.
write. To copy files from a container Kubernetes runs
tar inside the
container to create a Tar archive, and copies it over the network where
kubectl unpacks it on the user’s machine. If the
tar binary in the
container is malicious, it could run any code and output unexpected
malicious results. An attacker could use this to write files to any path
on the user’s machine when
kubectl cp is called, limited only by the
system permissions of the local user.
CVE-2018-18264 - Kubernetes Dashboard before v1.10.1 allows attackers to bypass authentication and use Dashboard’s ServiceAccount for reading Secrets within the cluster.
CVE-2019-1002100 - API Server JSON patch Denial of Service. Users that
are authorized to make HTTP
PATCH requests to the Kubernetes API
Server can send a specially crafted patch of type ``json-patch’’ (e.g.,
kubectl patch --type json or
"Content-Type: application/json-patch+json") that consumes excessive
resources while processing.
CVE-2018-1002100 - Original
kubectl cp. The
kubectl cp command insecurely handles
tar data returned from the
container and can be caused to overwrite arbitrary local files.
CVE-2019-1002101 - Similar to
CVE-2019-11249, but extended in that the
untar function can both create and follow symbolic links.
mustRunAsNonRoot: true bypass. Containers for pods
that do not specify an explicit
runAsUser attempt to run as uid 0
(root) on container restart, or if the image was previously pulled to
CVE-2019-11247 - Cluster RBAC mishandler. The Kubernetes
kube-apiserver mistakenly allows access to a cluster-scoped custom
resource if the request is made as if the resource were namespaced.
Authorizations for the resource accessed in this manner are enforced
using roles and role bindings within the namespace meaning that a user
with access only to a resource in one namespace could create, view,
update, or delete the cluster-scoped resource (according to their
namespace role privileges).
kubelet /debug/pprof information disclosure and
denial of service. The debugging endpoint /debug/pprof is exposed over
healthz healthcheck endpoint port, which
can potentially leak sensitive information such as internal Kubelet
memory addresses and configuration or for limited denial of service.
CVE-2019-11250 - Side channel information disclosure. The Kubernetes
client-go library logs request headers at verbosity levels of 7 or
higher. This can disclose credentials to unauthorized users via logs or
command output. Kubernetes components (such as
make use of basic or bearer token authentication and run at high
verbosity levels are affected.
kube-proxy unexpectedly makes
localhost-bound host services available on the network.
CVE-2020-14386 - Integer overflow from raw packet on the ``loopback’’
(or localhost) network interface. Removing this with
sysctl -w kernel.unprivileged_userns_clone=0 or denying
protects unpatched kernels from exploitation.
CVE-2021-22555 - Linux Netfilter local privilege escalation flaw. When
setsockopt IPT_SO_SET_REPLACE (or
local user may exploit memory corruption to gain privileges or cause a
DoS via a user namespace. A kernel compiled with
CONFIG_NET_NS allows an unprivileged user to elevate privileges.
CVE-2021-25740 (unpatched) - Endpoint and EndpointSlice permissions allow cross-Namespace forwarding. users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
CVE-2021-31440 - Incorrect bounds calculation in the Linux kernel eBPF
verifier. By bypassing the verifier, this can exploit out-of-bounds
kernel access to escape, and the original proof of concept set UID and
GID to 0 and gained
CAP_SYS_MODULE to load an arbitrary kernel outside
CVE-2021-25741 - Symlink exchange can allow host filesystem access. A user may be able to create a container with subpath volume mounts to access files and directories outside of the volume, including on the host filesystem.