A command-injection vulnerability, tracked as CVE-2024-9042, has been discovered in Kubernetes, which allows remote attackers to execute commands with SYSTEM privileges on all Windows endpoints within a cluster. The flaw, found by Akamai's Tomer Peled, affects versions prior to 1.32.1 and requires the cluster to be configured with Log Query. This medium-severity vulnerability has been fixed, and users are advised to patch their systems, as the exploitation is detectable by auditing cluster logs for suspicious queries.
A now-fixed command-injection bug in Kubernetes can be exploited to gain SYSTEM privileges on all Windows endpoints in a cluster.
The vulnerability, tracked as CVE-2024-9042, affects Kubernetes versions earlier than 1.32.1 with beta features enabled.
This flaw allows an attacker to inject commands into the system with high privileges via a parameter in the request.
To exploit CVE-2024-9042, the cluster must run Windows endpoints and be configured to use Log Query.
Collection
[
|
...
]