CVE-2023-32191 in rke
Summary
by MITRE • 10/16/2024
When RKE provisions a cluster, it stores the cluster state in a configmap called `full-cluster-state` inside the `kube-system` namespace of the cluster itself. The information available in there allows non-admin users to escalate to admin.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 10/16/2024
The vulnerability identified as CVE-2023-32191 represents a critical privilege escalation flaw within the Rancher Kubernetes Engine (RKE) provisioning system. This issue manifests when RKE creates and manages cluster state information through a specific Kubernetes ConfigMap named `full-cluster-state` which is stored within the `kube-system` namespace of the target cluster. The configuration management process inherently exposes sensitive cluster metadata and administrative credentials that should remain restricted to authorized administrators only. The fundamental flaw lies in the improper access controls and information disclosure mechanisms that allow any authenticated user within the cluster to access this privileged configuration data.
The technical exploitation of this vulnerability stems from the insecure design pattern where cluster state information containing administrative credentials, cluster configuration details, and potentially sensitive operational data becomes publicly accessible through the Kubernetes API. When RKE provisions a cluster, it automatically creates this ConfigMap with default permissions that do not adequately restrict access based on user roles or privileges. The `full-cluster-state` ConfigMap essentially serves as a repository of cluster administrative information that includes but is not limited to control plane credentials, cluster networking configurations, and operational parameters that provide attackers with comprehensive insights into the cluster's structure and security posture. This misconfiguration allows any user with basic cluster access to extract this information and subsequently leverage it for unauthorized administrative actions.
The operational impact of this vulnerability extends beyond simple information disclosure to encompass complete administrative compromise of affected clusters. An attacker who gains access to the `full-cluster-state` ConfigMap can extract administrative credentials and use them to perform privileged operations such as creating new users, modifying cluster configurations, accessing sensitive data stores, and potentially escalating their privileges to full cluster administrator status. This vulnerability directly violates the principle of least privilege and enables unauthorized users to bypass normal access controls that should protect cluster administrative functions. The implications are particularly severe in multi-tenant environments where this flaw could allow malicious users to access and manipulate resources belonging to other users or organizations, leading to data breaches, service disruptions, and potential lateral movement within the network infrastructure.
Security mitigations for this vulnerability should focus on implementing proper access controls and privilege management within the RKE provisioning process. Organizations should immediately restrict access to the `full-cluster-state` ConfigMap by modifying the Kubernetes RBAC policies to ensure that only authorized administrative users and system components can access this sensitive information. The recommended approach includes implementing namespace-level access controls, configuring appropriate role-based access controls for the `kube-system` namespace, and ensuring that the ConfigMap is created with restrictive permissions. Additionally, organizations should consider implementing automated monitoring solutions that can detect unauthorized access attempts to sensitive ConfigMaps and alert security teams to potential exploitation attempts. This vulnerability aligns with CWE-284 (Improper Access Control) and represents a significant concern for organizations using RKE for cluster provisioning, as it directly enables unauthorized privilege escalation through information disclosure mechanisms. The ATT&CK framework categorizes this as a privilege escalation technique where adversaries exploit insecure configurations to gain elevated system access, making it particularly dangerous in environments where cluster administrators do not properly enforce access control policies.