Executive Summary

This vulnerability is a half-blind Server Side Request Forgery (SSRF) in the kube-controller-manager when using the in-tree Portworx StorageClass. It allows authorized users to make the server send requests to internal, unprotected endpoints within the control plane's host network, including link-local or loopback services, potentially leaking arbitrary information.

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can impact you by allowing authorized users to leak sensitive information from internal endpoints that are normally not accessible externally. This could expose confidential data within the control plane's host network, leading to potential information disclosure risks.

Useful 0 Not Useful 0

Detection Guidance

Detection can be performed by analyzing ProvisioningFailed events generated by the kube-controller-manager on affected clusters where the CSIMigrationPortworx feature gate is disabled. These events may contain leaked sensitive information from the control plane's host network. Monitoring these events in your Kubernetes cluster can help identify exploitation attempts. Specific commands to check these events include using kubectl to query events, for example: kubectl get events --field-selector reason=ProvisioningFailed -n <namespace> or kubectl describe events -n <namespace> and filtering for ProvisioningFailed events related to the Portworx StorageClass. [1, 2, 3]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include upgrading the kube-controller-manager to fixed versions: v1.32.10 or later, v1.33.6 or later, or v1.34.2 or later. Alternatively, if the CSIMigrationPortworx feature gate is manually disabled, enable it to disable the in-tree Portworx StorageClass and mitigate the vulnerability. Additionally, restrict the ability for untrusted users to create pods using the Portworx StorageClass to reduce risk. [1, 2, 3]

Useful 0 Not Useful 0