Critical RKE2 Flaw Exposes Windows Nodes to Privilege Escalation

Summary: A critical security vulnerability, CVE-2023-32197, has been discovered in RKE2, Rancher’s Kubernetes distribution for high-security environments, particularly affecting Windows deployments. This vulnerability allows unauthorized access to sensitive files, potentially leading to privilege escalation and posing significant security risks.

Threat Actor: Malicious actors
Victim: RKE2 users

Key Points:

  • CVE-2023-32197 has a CVSS severity score of 9.1, affecting RKE2 deployments on Windows nodes.
  • The vulnerability allows users in specific groups to access and modify critical files, leading to potential privilege escalation.
  • Rancher has released patches in RKE2 versions 1.31.0, 1.30.2, 1.29.6, 1.28.11, and 1.27.15 to address the issue.
  • A workaround involves using a PowerShell script to enforce stricter ACLs on affected files until patches can be applied.

A significant security vulnerability, CVE-2023-32197, has been identified in RKE2, Rancher’s Kubernetes distribution geared toward high-security environments, including the U.S. Federal Government. The vulnerability, rated with a high severity score of 9.1 on the CVSS scale, affects RKE2 deployments on Windows nodes by allowing unauthorized access to sensitive files through insecure Access Control Lists (ACLs), potentially leading to privilege escalation.

This vulnerability allows any user in the BUILTIN\Users or NT AUTHORITY\Authenticated Users groups to view or modify critical files, such as binaries, scripts, configuration, and log files, within the Windows environment. Unauthorized access to these files, including those stored at paths like C:\etc\rancher\node\password and C:\var\lib\rancher\rke2\agent\logs\kubelet.log, can allow malicious actors to gain elevated privileges on the affected system, posing a substantial security risk.

The flaw impacts the following files and directories:

C:\etc\rancher\node\password
C:\var\lib\rancher\rke2\agent\logs\kubelet.log
C:\var\lib\rancher\rke2\data\v1.**.**-rke2r*-windows-amd64-*\bin\*
C:\var\lib\rancher\rke2\bin\*

This issue is exclusive to RKE2 deployments in Windows environments, meaning Linux installations of RKE2 remain unaffected by this particular vulnerability.

Rancher has addressed this vulnerability in the following RKE2 versions:

  • RKE2 1.31.0
  • RKE2 1.30.2
  • RKE2 1.29.6
  • RKE2 1.28.11
  • RKE2 1.27.15

Users are advised to perform a fresh installation of RKE2 on Windows nodes with a patched version to mitigate this security risk. Additionally, Rancher Manager, a crucial tool in managing Kubernetes deployments, is also impacted by this flaw, with patched versions available in Rancher Manager 2.8.9 and 2.9.3. Users of Rancher Manager 2.7 should upgrade to a newer minor version, as no patches will be issued for that series.

For users unable to apply the patches immediately, a workaround can be implemented to secure ACLs on affected files manually. Running a PowerShell script as an Administrator on each node can enforce stricter ACLs, limiting unauthorized access to sensitive files. This temporary measure can help secure the environment until a full patch can be applied.
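The following PowerShell script is an added example of the kind of check and workaround described above; it is not Rancher's own workaround script from the advisory. It audits the paths listed earlier for access-control entries granted to BUILTIN\Users or NT AUTHORITY\Authenticated Users, and, only when run with -Enforce, replaces each affected file's ACL with one that grants access to BUILTIN\Administrators and NT AUTHORITY\SYSTEM alone. It assumes the RKE2 agent and kubelet run as SYSTEM (the usual case on Windows nodes); if they run under a different service account, add that account to the $Allowed list. The wildcard patterns are taken from the advisory's file list.

```powershell
#Requires -RunAsAdministrator
# Added example, not the advisory's or Rancher's own script.
# Default mode only reports overbroad ACEs; pass -Enforce to rewrite the ACLs.
param(
    [switch]$Enforce
)

# Paths named in the advisory. Wildcards are expanded with Get-ChildItem so
# the versioned data directory is covered whatever RKE2 release is installed.
$Patterns = @(
    'C:\etc\rancher\node\password',
    'C:\var\lib\rancher\rke2\agent\logs\kubelet.log',
    'C:\var\lib\rancher\rke2\data\v1.**.**-rke2r*-windows-amd64-*\bin\*',
    'C:\var\lib\rancher\rke2\bin\*'
)

# Principals that must hold no access on these files (from the advisory).
$Overbroad = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')

# Principals that keep access. Assumption: RKE2 services run as SYSTEM.
$Allowed = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')

function Get-OverbroadAces {
    # Returns the ACEs on $Path granted to one of the overbroad groups,
    # whether the entry is explicit or inherited from a parent directory.
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    $acl.Access | Where-Object { $_.IdentityReference.Value -in $Overbroad }
}

function Set-RestrictedAcl {
    # Replaces the DACL on $Path with FullControl for $Allowed only.
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Stop inheriting from the parent and discard inherited entries, so an
    # inherited "Users: Read" ACE cannot reappear on the file later.
    $acl.SetAccessRuleProtection($true, $false)
    # Drop every explicit entry before adding the restricted set.
    foreach ($ace in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        [void]$acl.RemoveAccessRule($ace)
    }
    $isDir = Test-Path -LiteralPath $Path -PathType Container
    $inherit = if ($isDir) { 'ContainerInherit, ObjectInherit' } else { 'None' }
    foreach ($id in $Allowed) {
        $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
            $id, 'FullControl', $inherit, 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

$targets = foreach ($pattern in $Patterns) {
    Get-ChildItem -Path $pattern -Force -ErrorAction SilentlyContinue
}

$findings = 0
foreach ($item in $targets) {
    $bad = @(Get-OverbroadAces -Path $item.FullName)
    if ($bad.Count -eq 0) { continue }
    $findings += $bad.Count
    foreach ($ace in $bad) {
        Write-Warning ('{0}: {1} holds {2} ({3})' -f $item.FullName,
            $ace.IdentityReference, $ace.FileSystemRights,
            $(if ($ace.IsInherited) { 'inherited' } else { 'explicit' }))
    }
    if ($Enforce) {
        Set-RestrictedAcl -Path $item.FullName
        Write-Host "Restricted ACL applied to $($item.FullName)"
    }
}
Write-Host "Overbroad ACEs found: $findings"
```

Run it once without -Enforce to see which files are exposed and whether the offending entries are inherited from C:\var\lib or C:\etc (in which case tightening the parent directory may be the cleaner fix), then rerun with -Enforce on each node and confirm the kubelet still writes to kubelet.log afterwards. This only reduces exposure until the node is rebuilt with a patched RKE2 version.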

Source: https://securityonline.info/cve-2023-32197-rke2-flaw-exposes-windows-nodes-privilege-escalation