CBL Mariner 2.0 Security Update: kubevirt (CVE-2023-26484)

high Nessus Plugin ID 207011

Synopsis

The remote CBL Mariner host is missing one or more security updates.

Description

The version of kubevirt installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-26484 advisory.

- KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicious user has taken over a Kubernetes node where virt-handler (the KubeVirt node-daemon) is running, the virt-handler service account can be used to modify all node specs. This can be misused to lure-in system-level-privileged components which can, for instance, read all secrets on the cluster, or can exec into pods on other nodes. This way, a compromised node can be used to elevate privileges beyond the node until potentially having full privileged access to the whole cluster. The simplest way to exploit this, once a user could compromise a specific node, is to set with the virt-handler service account all other nodes to unschedulable and simply wait until system-critical components with high privileges appear on its node. No patches are available as of time of publication. As a workaround, gatekeeper users can add a webhook which will block the `virt-handler` service account to modify the spec of a node. (CVE-2023-26484)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://nvd.nist.gov/vuln/detail/CVE-2023-26484

Plugin Details

Severity: High

ID: 207011

File Name: mariner_CVE-2023-26484.nasl

Version: 1.4

Type: local

Published: 9/12/2024

Updated: 12/13/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Medium

Base Score: 6.6

Temporal Score: 4.9

Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:N

CVSS Score Source: CVE-2023-26484

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:microsoft:cbl-mariner:kubevirt-virt-api, p-cpe:/a:microsoft:cbl-mariner:kubevirt-virt-exportproxy, p-cpe:/a:microsoft:cbl-mariner:kubevirt-virt-exportserver, x-cpe:/o:microsoft:cbl-mariner, p-cpe:/a:microsoft:cbl-mariner:kubevirt-virt-handler, p-cpe:/a:microsoft:cbl-mariner:kubevirt-tests, p-cpe:/a:microsoft:cbl-mariner:kubevirt-virt-controller, p-cpe:/a:microsoft:cbl-mariner:kubevirt-virt-operator, p-cpe:/a:microsoft:cbl-mariner:kubevirt-container-disk, p-cpe:/a:microsoft:cbl-mariner:kubevirt-virt-launcher, p-cpe:/a:microsoft:cbl-mariner:kubevirt-virtctl, p-cpe:/a:microsoft:cbl-mariner:kubevirt-pr-helper-conf

Required KB Items: Host/local_checks_enabled, Host/CBLMariner/release, Host/CBLMariner/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 9/10/2024

Vulnerability Publication Date: 3/15/2023

Reference Information

CVE: CVE-2023-26484