A potential risk in KUDO which can be leveraged to make a cluster-level privilege escalation


nanzi yang

Apr 2, 2023, 8:56:58 AM
to kudobuilder
Dear KUDO maintainers:
I am Nanzi Yang, and I find a potential risk in KUDO that can be leveraged to make a cluster-level privilege escalation.

Detailed analysis:
The KUDO has one StatefulSet called kudo-controller-manager, which has a service account called kudo-manager. The service account has the cluster-admin cluster role via ClusterRoleBinding. Thus, if a malicious user can access the worker node which has kudo-controller-manager, he/she can leverage the service account to do whatever he/she likes to the cluster, resulting in cluster-level privilege escalation.

Mitigation:
First of all, the KUDO should not use the cluster-admin ClusterRole. Perhaps it should create a ClusterRole that has only the needed RBAC permissions.

A few questions:
1. Is it a real issue in KUDO?
2. If it's a real issue, can KUDO mitigate the risks following my suggestions?
Looking forward to any maintainer's reply.
Regards,
Nanzi Yang
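The post's finding is a ServiceAccount tied to cluster-admin through a ClusterRoleBinding. Below is an added audit script (not KUDO project code and not from the poster) that a cluster operator can run over the JSON that `kubectl get clusterroles -o json` and `kubectl get clusterrolebindings -o json` produce, to list every ServiceAccount that a ClusterRoleBinding grants cluster-admin-level power. It goes a step beyond the post: rather than matching the name `cluster-admin`, it treats any ClusterRole whose rules grant `*` verbs on `*` resources in `*` API groups as equivalent, so a renamed wildcard role is caught too. The embedded sample objects are constructed for offline use; the binding name `kudo-manager-cluster-admin`, the namespace `kudo-system`, the `example.com` API group and the second `ops-bot` binding are placeholders, not values from the report.

```python
"""Audit ClusterRoleBindings for ServiceAccounts holding cluster-admin-equivalent ClusterRoles.

Added example, not KUDO's own code. Input shapes match `kubectl get ... -o json`
(a List object with an "items" array), so the functions can be fed a real dump.
"""
import json
import sys
from typing import List, Tuple

Finding = Tuple[str, str, str, str]  # (namespace, serviceaccount, clusterrole, binding)


def is_effectively_cluster_admin(role: dict) -> bool:
    """True if any rule grants every verb on every resource in every API group.

    This is exactly how the built-in cluster-admin role is defined, so a role
    with another name but the same wildcard rule is flagged as well."""
    for rule in role.get("rules", []) or []:
        if ("*" in rule.get("apiGroups", []) and "*" in rule.get("resources", [])
                and "*" in rule.get("verbs", [])):
            return True
    return False


def find_privileged_service_accounts(roles: dict, bindings: dict) -> List[Finding]:
    """Return one Finding per ServiceAccount subject that a ClusterRoleBinding
    ties to a cluster-admin-equivalent ClusterRole. Users and Groups (e.g. the
    default system:masters binding) are not reported; only tokens that end up
    mounted into pods on worker nodes are the concern raised in the post."""
    admin_roles = {r["metadata"]["name"] for r in roles.get("items", [])
                   if is_effectively_cluster_admin(r)}
    findings: List[Finding] = []
    for binding in bindings.get("items", []):
        ref = binding.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") not in admin_roles:
            continue
        for subject in binding.get("subjects", []) or []:
            if subject.get("kind") == "ServiceAccount":
                findings.append((subject.get("namespace", ""), subject["name"],
                                 ref["name"], binding["metadata"]["name"]))
    return findings


# Constructed sample data (placeholders, not taken from a real cluster).
SAMPLE_ROLES = {"items": [
    {"metadata": {"name": "cluster-admin"},          # built-in wildcard role
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]},
               {"nonResourceURLs": ["*"], "verbs": ["*"]}]},
    {"metadata": {"name": "platform-superuser"},     # renamed wildcard role, still flagged
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"metadata": {"name": "operator-scoped"},        # what a least-privilege role looks like
     "rules": [{"apiGroups": ["example.com"],        # placeholder API group
                "resources": ["instances", "operators"],
                "verbs": ["get", "list", "watch", "update"]}]},
]}

SAMPLE_BINDINGS = {"items": [
    {"metadata": {"name": "cluster-admin"},          # default binding: Group, not reported
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
    {"metadata": {"name": "kudo-manager-cluster-admin"},   # the pattern described in the post
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "kudo-manager",
                   "namespace": "kudo-system"}]},
    {"metadata": {"name": "ops-bot-superuser"},      # wildcard role under another name
     "roleRef": {"kind": "ClusterRole", "name": "platform-superuser"},
     "subjects": [{"kind": "ServiceAccount", "name": "ops-bot", "namespace": "ops"}]},
    {"metadata": {"name": "operator-scoped"},        # scoped role: not reported
     "roleRef": {"kind": "ClusterRole", "name": "operator-scoped"},
     "subjects": [{"kind": "ServiceAccount", "name": "operator", "namespace": "operators"}]},
]}


def main(argv: List[str]) -> int:
    """Usage: audit.py <clusterroles.json> <clusterrolebindings.json>; no args = sample."""
    if len(argv) == 3:
        with open(argv[1]) as f_roles, open(argv[2]) as f_bindings:
            roles, bindings = json.load(f_roles), json.load(f_bindings)
    else:
        roles, bindings = SAMPLE_ROLES, SAMPLE_BINDINGS
    findings = find_privileged_service_accounts(roles, bindings)
    for ns, sa, role, binding in findings:
        print(f"{ns}/{sa} -> ClusterRole {role} via ClusterRoleBinding {binding}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A non-zero exit code when anything is found lets the script sit in a CI or admission-review job; the remediation for each hit is the one the post suggests, a ClusterRole carrying only the verbs and resources the controller actually uses, in the shape of the `operator-scoped` sample above.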