Cryptocurrency news article

Critical OpenMetadata Platform Flaws Threaten Kubernetes Workloads; Urgent Patches Required

2024/04/23 07:07

The OpenMetadata platform, used for data discovery and governance, is affected by critical vulnerabilities that let attackers bypass authentication and achieve remote code execution (RCE) on Kubernetes workloads. These vulnerabilities allow unauthorized access and cryptocurrency mining activity. Microsoft has urged users to apply the OpenMetadata updates and strengthen authentication measures to reduce potential exploitation.

Critical Vulnerabilities in OpenMetadata Platform Pose Severe Threat to Kubernetes Workloads: Urgent Mitigation Required

[Redmond, Washington] - February 28, 2023

Cybersecurity researchers from Microsoft have uncovered a series of critical vulnerabilities in the OpenMetadata platform that empower threat actors to exploit Kubernetes workloads for clandestine crypto mining activities. These vulnerabilities have the potential to compromise enterprise environments and disrupt critical business operations.

The Microsoft security blog has issued a stark warning, revealing that five significant vulnerabilities allow attackers to bypass authentication and execute Remote Code Execution (RCE) on affected Kubernetes workloads. These vulnerabilities, designated as CVE-2024-28255, CVE-2024-28847, CVE-2024-28253, CVE-2024-28848, and CVE-2024-28254, affect OpenMetadata versions preceding 1.3.1.

Understanding the Vulnerabilities

CVE-2024-28255, rated 9.8 on the Common Vulnerability Scoring System (CVSS), is a flaw in the API authentication mechanism of OpenMetadata. By exploiting it, attackers can bypass authentication and gain unauthorized access to sensitive endpoints.

CVE-2024-28255, assigned a CVSS score of 9.4, stems from deficiencies in JWT token validation within the JwtFilter component. This vulnerability allows attackers to send a malicious PUT request to modify system policies, potentially leading to remote code execution.

Exploitation Modus Operandi

Security analysts have observed a systematic attack sequence involving the exploitation of these vulnerabilities:

  1. Vulnerability Identification and Exploitation: Attackers target vulnerable versions of OpenMetadata and exploit the vulnerabilities to gain initial code execution within the container hosting the compromised image.
  2. Intrusion Validation and Connectivity Establishment: Post-infiltration, attackers validate their intrusion through ping requests to specific domains linked to Interactsh, a popular tool for attacker communication.
  3. Crypto-Mining Malware Deployment: Once successful access is established, attackers download crypto-mining malware from a remote server and execute it with elevated permissions. The server hosting the malware has been traced to China.

Mitigation Measures

To mitigate these threats and protect OpenMetadata workloads, organizations are strongly advised to implement the following measures:

  1. Update to OpenMetadata 1.3.1 or Later: Update the image version of Kubernetes clusters running OpenMetadata to the latest version, specifically 1.3.1 or newer, to patch these vulnerabilities.
  2. Strong Authentication: Employ robust authentication mechanisms for accessing OpenMetadata over the Internet. Avoid using default credentials and consider implementing multi-factor authentication.
  3. Network Segmentation: Restrict access to OpenMetadata workloads from untrusted networks to reduce the attack surface.
  4. Regular Security Audits: Conduct regular security audits to scan for vulnerabilities and misconfigurations that could expose OpenMetadata to attacks.
  5. Incident Response Plan: Establish an incident response plan to promptly detect and mitigate potential security breaches.
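A defender-side check for the first mitigation, added here as an example (it is not code from Microsoft, kdj.com or the OpenMetadata project): it walks a pod/image listing and flags OpenMetadata images whose tag is below 1.3.1, and also surfaces images whose tag cannot be resolved to a release ("latest", digest-only references, pre-release suffixes), since those have to be checked by hand rather than assumed patched. The image naming (the `openmetadata` repository path), the `kubectl`-style listing shape and the sample records are assumptions constructed for the example.

```python
"""Audit a Kubernetes pod/image listing for OpenMetadata images older than 1.3.1.

Added example for this article; not code from Microsoft, kdj.com or the
OpenMetadata project. Assumptions: an OpenMetadata server image is recognised
by the substring 'openmetadata' in its repository path, and the listing below
is constructed sample data in the shape of a `kubectl get pods -A` custom-column
output ("namespace/pod image" per line), not captured from a real cluster.
"""
import re
from typing import List, Optional, Tuple

# First fixed release named in the article: anything below this is flagged.
PATCHED_VERSION = (1, 3, 1)

# Constructed sample listing: one "namespace/pod image" record per line.
SAMPLE_POD_IMAGES = """\
data/openmetadata-server-0 openmetadata/server:1.2.0
data/openmetadata-server-1 docker.getcollate.io/openmetadata/server:1.3.1
data/openmetadata-server-2 registry.internal:5000/openmetadata/server:v1.3.0
data/openmetadata-server-3 openmetadata/server:latest
data/openmetadata-server-4 openmetadata/server@sha256:0123456789abcdef
kube-system/coredns-0 registry.k8s.io/coredns/coredns:v1.11.1
"""


def split_image_ref(image: str) -> Tuple[str, Optional[str], Optional[str]]:
    """Split 'repo[:tag][@digest]' into (repo, tag, digest).

    The tag is the text after the last ':' only when no '/' follows it, so a
    registry host with a port (registry.internal:5000/...) is not read as a tag.
    """
    digest = None
    if "@" in image:
        image, digest = image.split("@", 1)
    repo, tag = image, None
    last_colon = image.rfind(":")
    if last_colon != -1 and "/" not in image[last_colon:]:
        repo, tag = image[:last_colon], image[last_colon + 1:]
    return repo, tag, digest


def parse_version(tag: str) -> Optional[Tuple[int, int, int]]:
    """Turn a tag like '1.3.1' or 'v1.3' into a comparable tuple; None if not version-like."""
    m = re.match(r"^v?(\d+)\.(\d+)(?:\.(\d+))?", tag)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def classify_image(image: str) -> str:
    """Return 'not-openmetadata', 'patched', 'vulnerable' or 'unknown' for one image reference."""
    repo, tag, _digest = split_image_ref(image)
    if "openmetadata" not in repo.lower():
        return "not-openmetadata"
    if tag is None:
        # Digest-pinned or untagged: the reference alone does not reveal the release.
        return "unknown"
    version = parse_version(tag)
    if version is None:
        # 'latest' and similar floating tags say nothing about what is actually running.
        return "unknown"
    if "-" in tag:
        # Pre-release or variant builds ('1.3.1-rc1'): do not assume they carry the fix.
        return "unknown"
    return "patched" if version >= PATCHED_VERSION else "vulnerable"


def audit(listing: str) -> List[Tuple[str, str, str]]:
    """Return (pod, image, status) for every OpenMetadata image that needs attention.

    'unknown' is reported next to 'vulnerable' because an unresolvable tag
    should be verified by hand rather than silently treated as patched.
    """
    findings = []
    for line in listing.splitlines():
        if not line.strip():
            continue
        pod, image = line.split(maxsplit=1)
        status = classify_image(image.strip())
        if status in ("vulnerable", "unknown"):
            findings.append((pod, image.strip(), status))
    return findings


if __name__ == "__main__":
    for pod, image, status in audit(SAMPLE_POD_IMAGES):
        print(f"{status:10s} {pod:35s} {image}")
```

Run against the constructed listing it reports the two images tagged below 1.3.1 plus the `latest` and digest-only references as needing review; in a real cluster you would feed it the image column of `kubectl get pods -A` and resolve the "unknown" entries by inspecting the running container rather than its tag.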

Organizations using OpenMetadata are urged to prioritize these mitigation measures to prevent exploitation of these critical vulnerabilities and protect their Kubernetes workloads from malicious crypto mining activities.

Disclaimer: info@kdj.com

The information provided is not trading advice. kdj.com does not assume any responsibility for any investments made based on the information provided in this article. Cryptocurrencies are highly volatile and it is highly recommended that you invest with caution after thorough research!

If you believe that the content used on this website infringes your copyright, please contact us immediately (info@kdj.com) and we will delete it promptly.

Other articles published on December 25, 2024