Cybersecurity researchers have uncovered three safety weaknesses in Microsoft’s Azure Knowledge Manufacturing facility Apache Airflow integration that, if efficiently exploited, may have allowed an attacker to realize the flexibility to conduct numerous covert actions, together with information exfiltration and malware deployment.
“Exploiting these flaws could allow attackers to gain persistent access as shadow administrators over the entire Airflow Azure Kubernetes Service (AKS) cluster,” Palo Alto Networks Unit 42 mentioned in an evaluation printed earlier this month.
The vulnerabilities, albeit categorised as low severity by Microsoft, are listed beneath –
- Misconfigured Kubernetes RBAC in Airflow cluster
- Misconfigured secret dealing with of Azure’s inner Geneva service, and
- Weak authentication for Geneva
Moreover acquiring unauthorized entry, the attacker may make the most of the issues within the Geneva service to probably tamper with log information or ship faux logs to keep away from elevating suspicion when creating new pods or accounts.
The preliminary entry method entails crafting a directed acyclic graph (DAG) file and importing it to a non-public GitHub repository related to the Airflow cluster, or altering an present DAG file. The tip objective is to launch a reverse shell to an exterior server as quickly because it’s imported.
To drag this off, the risk actor must first acquire write permissions to the storage account containing DAG recordsdata by using a compromised service principal or a shared entry signature (SAS) token for the recordsdata. Alternatively, they’ll break right into a Git repository utilizing leaked credentials.
Though the shell obtained on this method was discovered to be working below the context of the Airflow person in a Kubernetes pod with minimal permissions, additional evaluation recognized a service account with cluster-admin permissions related to the Airflow runner pod.
This misconfiguration, coupled with the truth that the pod might be reachable over the web, meant that the attacker may obtain the Kubernetes command-line software kubectl and in the end take full management of your entire cluster by “deploying a privileged pod and breaking out onto the underlying node.”
The attacker may then leverage the basis entry to the host digital machine (VM) to burrow deeper into the cloud surroundings, acquire unauthorized entry to Azure-managed inner assets, together with Geneva, a few of which grant write entry to storage accounts and occasion hubs.
“This means a sophisticated attacker could modify a vulnerable Airflow environment,” safety researchers Ofir Balassiano and David Orlovsky mentioned. “For example, an attacker could create new pods and new service accounts. They could also apply changes to the cluster nodes themselves and then send fake logs to Geneva without raising an alarm.”
“This issue highlights the importance of carefully managing service permissions to prevent unauthorized access. It also highlights the importance of monitoring the operations of critical third-party services to prevent such access.”
The disclosure comes because the Datadog Safety Labs detailed a privilege escalation situation in Azure Key Vault that might allow customers with the Key Vault Contributor position to learn or modify Key Vault contents, reminiscent of API keys, passwords, authentication certificates, and Azure Storage SAS tokens.
The issue is that whereas a person with the Key Vault Contributor position had no direct entry to Key Vault information over a key vault configured with entry insurance policies, it was found that the position did include permissions so as to add itself to Key Vault entry insurance policies and entry Key Vault information, successfully bypassing the restriction.
“A policy update could contain the ability to list, view, update and generally manage the data within the key vault,” safety researcher Katie Knowles mentioned. “This created a scenario where a user with the Key Vault Contributor role could gain access to all Key Vault data, despite having no [Role-Based Access Control] permission to manage permissions or view data.”
Microsoft has since up to date its documentation to emphasise the entry coverage threat, stating: “To prevent unauthorized access and management of your key vaults, keys, secrets, and certificates, it’s essential to limit Contributor role access to key vaults under the Access Policy permission model.”
The event additionally follows the invention of a difficulty with Amazon Bedrock CloudTrail logging that made it tough to distinguish malicious queries from respectable ones made to massive language fashions (LLMs), thereby permitting unhealthy actors to conduct reconnaissance with out elevating any alert.
“Specifically, failed Bedrock API calls were logged in the same manner as successful calls, without providing any specific error codes,” Sysdig researcher Alessandro Brucato mentioned.
“The lack of error information in API responses may hinder detection efforts by generating false positives in CloudTrail logs. Without this detail, security tools may misinterpret normal activity as suspicious, leading to unnecessary alerts and potential oversight of genuine threats.”
