An attacker can exploit a high-severity Kubernetes vulnerability to execute arbitrary code on Windows endpoints.
The vulnerability affects default Kubernetes installations and lies in the way the open-source container orchestration system processes YAML files, a step that underlies almost every Kubernetes function. It was observed during the creation of a pod that includes a local volume, which enables the mounting of disk partitions. Because the affected function shells out to cmd, an attacker who controls one parameter of that cmd invocation can inject arbitrary commands, which then run with system privileges.

To resolve the issue, Kubernetes removed the cmd call and replaced it with a native Go function that performs only the symlink operation. Organizations are encouraged to upgrade to Kubernetes 1.28.4 to mitigate the vulnerability, which exists in versions 1.28.3 and prior.
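The bug class and its fix, as an added illustration that is not Kubernetes' own code: the unsafe shape splices a path value into a cmd.exe command line (shown only as a string, for code review), while the hardened shape creates the symlink with a native Go call so no shell ever parses the value. All paths and names are constructed assumptions.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// Unsafe pattern (shown for review, never executed here): the volume path is
// spliced into a command line handed to cmd.exe. Any character cmd treats as
// a separator inside the value becomes part of the command line, which is how
// control of one parameter turns into command execution.
func buildCmdLine(target, link string) string {
	return "cmd /c mklink /D " + link + " " + target
}

// Hardened form, mirroring the fix described above: the symlink is created by
// a native Go call, so no shell parses the value; it is only ever a filename.
func createLinkNative(target, link string) error {
	return os.Symlink(target, link)
}

// demo creates a link whose name contains a character cmd.exe would treat as
// a command separator and returns where the link points. All names are
// constructed for illustration; the temporary directory is removed on return.
func demo() (string, error) {
	dir, err := os.MkdirTemp("", "symlink-demo")
	if err != nil {
		return "", err
	}
	defer os.RemoveAll(dir)
	target := filepath.Join(dir, "volume-data")
	if err := os.Mkdir(target, 0o700); err != nil {
		return "", err
	}
	link := filepath.Join(dir, "mount & extra")
	if err := createLinkNative(target, link); err != nil {
		return "", err
	}
	return os.Readlink(link) // resolves to .../volume-data; nothing was executed
}

func main() {
	fmt.Println(buildCmdLine(`C:\volume-data`, `C:\mnt & extra`))
	if got, err := demo(); err == nil {
		fmt.Println("native symlink points to", got)
	} else {
		fmt.Println("error:", err)
	}
}
```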