SecuriTricks - CVE-2024-42363

Description

Prior to 3385, the user-controlled role parameter enters the application in the Kubernetes::RoleVerificationsController. The role parameter flows into the RoleConfigFile initializer and then into the Kubernetes::Util.parse_file method where it is unsafely deserialized using the YAML.load_stream method. This issue may lead to Remote Code Execution (RCE). This vulnerability is fixed in 3385.

Product(s) Impacted

Product	Versions
Kubernetes	before 3385

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-502

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References

https://github.com/zendesk/samson/blob/107efb4a252425966aac5e77d0c3670f9b5d7229/plugins/kubernetes/app/controllers/kubernetes/role_verifications_controller.rb#L10

https://github.com/zendesk/samson/blob/107efb4a252425966aac5e77d0c3670f9b5d7229/plugins/kubernetes/app/controllers/kubernetes/role_verifications_controller.rb#L7

https://github.com/zendesk/samson/blob/107efb4a252425966aac5e77d0c3670f9b5d7229/plugins/kubernetes/app/models/kubernetes/role_config_file.rb#L80

https://github.com/zendesk/samson/blob/107efb4a252425966aac5e77d0c3670f9b5d7229/plugins/kubernetes/app/models/kubernetes/util.rb#L9

https://github.com/zendesk/samson/pull/4071

https://securitylab.github.com/advisories/GHSL-2023-136_Samson/

CVSS Score

8.8 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

View Vector String

Timeline

Published: Aug. 20, 2024, 9:15 p.m.
Last Modified: Aug. 21, 2024, 12:30 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

CVE-2024-42363