bitcoin
bitcoin

$93756.141117 USD

-0.92%

ethereum
ethereum

$3371.931111 USD

2.91%

tether
tether

$0.998639 USD

-0.04%

xrp
xrp

$2.230649 USD

3.33%

bnb
bnb

$690.678211 USD

5.46%

solana
solana

$187.810309 USD

4.61%

dogecoin
dogecoin

$0.318610 USD

2.60%

usd-coin
usd-coin

$0.999967 USD

-0.01%

cardano
cardano

$0.902383 USD

2.63%

tron
tron

$0.251188 USD

3.00%

avalanche
avalanche

$38.078091 USD

4.93%

chainlink
chainlink

$23.862823 USD

7.49%

toncoin
toncoin

$5.554389 USD

3.02%

sui
sui

$4.584899 USD

7.48%

shiba-inu
shiba-inu

$0.000022 USD

3.84%

Cryptocurrency News Articles

Critical OpenMetadata Platform Flaws Threaten Kubernetes Workloads; Urgent Patches Needed

Apr 23, 2024 at 07:07 am

The OpenMetadata platform, utilized for data discovery and governance, has been compromised by critical vulnerabilities, enabling attackers to bypass authentication and execute Remote Code Execution (RCE) on Kubernetes workloads. These vulnerabilities permit unauthorized access and crypto-mining activities. Microsoft has urged users to apply updates to OpenMetadata and reinforce authentication measures to mitigate potential exploitation.

Critical OpenMetadata Platform Flaws Threaten Kubernetes Workloads; Urgent Patches Needed

Critical Vulnerabilities in OpenMetadata Platform Pose Severe Threat to Kubernetes Workloads: Urgent Mitigation Required

[Redmond, Washington] - February 28, 2023

Cybersecurity researchers from Microsoft have uncovered a series of critical vulnerabilities in the OpenMetadata platform that empower threat actors to exploit Kubernetes workloads for clandestine crypto mining activities. These vulnerabilities have the potential to compromise enterprise environments and disrupt critical business operations.

The Microsoft security blog has issued a stark warning, revealing that five significant vulnerabilities allow attackers to bypass authentication and execute Remote Code Execution (RCE) on affected Kubernetes workloads. These vulnerabilities, designated as CVE-2024-28255, CVE-2024-28847, CVE-2024-28253, CVE-2024-28848, and CVE-2024-28254, affect OpenMetadata versions preceding 1.3.1.

Understanding the Vulnerabilities

CVE-2024-28255, rated 9.8 on the Common Vulnerability Scoring System (CVSS), exploits a flaw in the API authentication mechanism of OpenMetadata. By exploiting this vulnerability, attackers can bypass authentication and gain unauthorized access to sensitive endpoints.

CVE-2024-28255, assigned a CVSS score of 9.4, stems from deficiencies in JWT token validation within the JwtFilter component. This vulnerability allows attackers to send a malicious PUT request to modify system policies, potentially leading to remote code execution.

Exploitation Modus Operandi

Security analysts have observed a systematic attack sequence involving the exploitation of these vulnerabilities:

  1. Vulnerability Identification and Exploitation: Attackers target vulnerable versions of OpenMetadata and exploit the vulnerabilities to gain initial code execution within the container hosting the compromised image.
  2. Intrusion Validation and Connectivity Establishment: Post-infiltration, attackers validate their intrusion through ping requests to specific domains linked to Interactsh, a popular tool for attacker communication.
  3. Crypto-Mining Malware Deployment: Once successful access is established, attackers download crypto-mining malware from a remote server and execute it with elevated permissions. The server hosting the malware has been traced to China.

Mitigation Measures

To mitigate these threats and protect OpenMetadata workloads, organizations are strongly advised to implement the following measures:

  1. Update to OpenMetadata 1.3.1 or Later: Update the image version of Kubernetes clusters running OpenMetadata to the latest version, specifically 1.3.1 or newer, to patch these vulnerabilities.
  2. Strong Authentication: Employ robust authentication mechanisms for accessing OpenMetadata over the Internet. Avoid using default credentials and consider implementing multi-factor authentication.
  3. Network Segmentation: Restrict access to OpenMetadata workloads from untrusted networks to reduce the attack surface.
  4. Regular Security Audits: Conduct regular security audits to scan for vulnerabilities and misconfigurations that could expose OpenMetadata to attacks.
  5. Incident Response Plan: Establish an incident response plan to promptly detect and mitigate potential security breaches.

Organizations using OpenMetadata are urged to prioritize these mitigation measures to prevent exploitation of these critical vulnerabilities and protect their Kubernetes workloads from malicious crypto mining activities.

Disclaimer:info@kdj.com

The information provided is not trading advice. kdj.com does not assume any responsibility for any investments made based on the information provided in this article. Cryptocurrencies are highly volatile and it is highly recommended that you invest with caution after thorough research!

If you believe that the content used on this website infringes your copyright, please contact us immediately (info@kdj.com) and we will delete it promptly.

Other articles published on Dec 24, 2024