InfoSecBulletin Cybersecurity for mankind
A new security flaw traced, CVE-2024-9042, poses a serious risk to Kubernetes clusters with Windows worker nodes. It has a Medium rating and a CVSS v3.1 score of 5.9, allowing attackers to execute commands on the host machine through the node’s /logs endpoint.
A vulnerability in the Kubelet component of Kubernetes affects Windows worker nodes. Attackers who can query a node’s /logs endpoint can exploit this flaw to execute commands on the host.
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems
Paraguay 7.4 Million Citizen Records Leaked on Dark Web
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation
SoftBank: Over 137,000 personal info leaked
Alert
Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code
Organizations should evaluate their Kubernetes environments for these conditions:
Component: Kubelet
Affected Versions:
v1.32.0
v1.31.0 to v1.31.4
v1.30.0 to v1.30.8
<=v1.29.12
Clusters with the affected versions on Windows worker nodes are at risk. Upgrade the Kubelet on your Windows worker nodes to the updated patched versions for better system security.
v1.32.1
v1.31.5
v1.30.9
v1.29.13
It is recommended to update promptly to prevent potential exploitation.
System administrators can identify potential exploitation by reviewing cluster audit logs for unusual queries to the /logs endpoint. Focus on entries with unexpected input patterns.
CVE-2024-9042 has a Medium severity rating, but its impact on Kubernetes environments requires prompt mitigation.
Organizations using Kubernetes with Windows worker nodes should quickly apply fixes to avoid exploitation.
