Karmada Vulnerability Grants Attackers Control of Kubernetes Systems

Summary: A critical vulnerability (CVE-2024-56513) has been discovered in Karmada, a platform for managing cloud-native applications across Kubernetes clusters, allowing attackers to exploit excessive privileges in PULL mode clusters. This flaw, with a CVSSv4 score of 8.7, poses significant risks to system security and requires immediate attention from users.

Threat Actor: Unknown | unknown
Victim: Karmada users | Karmada

Key Points:

  • Excessive privileges in PULL mode clusters can lead to administrative control over the entire federation system.
  • Vulnerability allows unauthorized access to sensitive configuration data and manipulation of application traffic.
  • All versions prior to 1.12.0 are affected; users should upgrade to version 1.12.0 or later immediately.
  • For those unable to upgrade, guidance on restricting access permissions is available in Karmada’s Component Permissions Documentation.

A high-severity vulnerability (CVE-2024-56513) has been identified in Karmada (Kubernetes Armada), a management platform designed to facilitate cloud-native applications across multiple Kubernetes clusters and clouds. This flaw, which has been assigned a CVSSv4 score of 8.7, poses a severe threat to systems utilizing Karmada’s PULL mode clusters.

The CVE-2024-56513 vulnerability lies in the excessive privileges granted to PULL mode clusters registered via the karmadactl register command. These clusters, intended to streamline multi-cloud and hybrid cloud application management, inadvertently expose critical control plane resources. An attacker able to authenticate as the karmada-agent could exploit these permissions to gain administrative control over the entire federation system, including all member clusters.

Such privilege escalation could lead to:

  • Unauthorized access to sensitive configuration data.
  • Manipulation or disruption of application traffic scheduling.
  • Potential lateral attacks across member clusters.

The vulnerability affects all versions of Karmada prior to 1.12.0. Karmada has released version 1.12.0, which includes a patch for this vulnerability. Users are strongly advised to upgrade to this version or a later version as soon as possible.

For users unable to immediately upgrade, Karmada’s Component Permissions Documentation provides guidance on restricting PULL mode cluster access permissions. Implementing these configurations can reduce the risk of exploitation until a full upgrade is feasible.
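The interim mitigation above comes down to checking what a registered agent's identity is actually allowed to do in the control plane and trimming anything beyond what it needs. The following audit script is an added example, not code from Karmada or from the advisory: it walks the rules of a Kubernetes RBAC ClusterRole and flags wildcard grants and any (apiGroup, resource, verb) outside an allow-list. The ClusterRole manifest, the role name and the allow-list contents are constructed for illustration; the real set of permissions a karmada-agent requires must be taken from Karmada's Component Permissions Documentation, not from this example.

```python
"""Audit a Kubernetes RBAC ClusterRole for grants broader than an agent needs.

Added example, not Karmada's own code. The allow-list and sample manifest
below are constructed; consult Karmada's Component Permissions Documentation
for the permissions the karmada-agent actually requires.
"""
from dataclasses import dataclass

# Constructed allow-list: (apiGroup, resource) -> verbs an agent is assumed
# to legitimately need. HYPOTHETICAL values, not Karmada's documented list.
AGENT_ALLOWED = {
    ("", "nodes"): {"get", "list", "watch"},
    ("", "pods"): {"get", "list", "watch"},
    ("cluster.karmada.io", "clusters"): {"get", "list", "watch", "update"},
}


@dataclass
class Finding:
    api_group: str
    resource: str
    verb: str
    reason: str


def audit_rules(rules, allowed=AGENT_ALLOWED):
    """Return one Finding per grant that is a wildcard or not on the allow-list."""
    findings = []
    for rule in rules:
        # A rule with no apiGroups key is treated as the core ("") group.
        for group in rule.get("apiGroups", [""]):
            for resource in rule.get("resources", []):
                for verb in rule.get("verbs", []):
                    if "*" in (group, resource, verb):
                        findings.append(Finding(group, resource, verb, "wildcard grant"))
                        continue
                    permitted = allowed.get((group, resource))
                    if permitted is None:
                        findings.append(Finding(group, resource, verb,
                                                "resource not in agent allow-list"))
                    elif verb not in permitted:
                        findings.append(Finding(group, resource, verb,
                                                "verb not in agent allow-list"))
    return findings


def audit_clusterrole(manifest, allowed=AGENT_ALLOWED):
    """Audit a ClusterRole manifest already parsed into a dict."""
    return audit_rules(manifest.get("rules", []), allowed)


# Constructed sample manifest (hypothetical role name). The first rule is the
# kind of blanket grant that would let an agent reach control-plane resources.
SAMPLE_CLUSTERROLE = {
    "apiVersion": "rbac.authorization.k8s.io/v1",
    "kind": "ClusterRole",
    "metadata": {"name": "example-agent-role"},
    "rules": [
        {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]},
        {"apiGroups": [""], "resources": ["nodes", "pods"],
         "verbs": ["get", "list", "watch"]},
        {"apiGroups": ["cluster.karmada.io"], "resources": ["clusters"],
         "verbs": ["get", "list", "watch", "update", "delete"]},
    ],
}


if __name__ == "__main__":
    for f in audit_clusterrole(SAMPLE_CLUSTERROLE):
        print(f"{f.api_group or 'core'}/{f.resource} {f.verb}: {f.reason}")
```

On a live cluster the manifest would come from `kubectl get clusterrole <name> -o json`, piped through `json.load` into `audit_clusterrole`; an empty result means every grant in the role is on the allow-list, and each Finding names a grant to remove or narrow before the agent identity is re-bound.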

Source:
https://securityonline.info/cve-2024-56513-karmada-vulnerability-grants-attackers-control-of-kubernetes-systems/