A new vulnerability dubbed AzureScape involving the Azure Container Instances, a cloud service that enables companies to deploy packaged applications in the cloud.
This issue allotted a malicious container to hijack different other containers that were held by different platform users enabling to execute commands in someone’s container. There is no proper indication that this Vulnerability gone wild.
Background on Azure Container Instances
Azure Container Instances (ACI) was the very first Container-as-a-Service (CaaS) that has been contributed by a major cloud provider. The ACI generally has concerns regarding:-
- Scaling
- Request routing
- Scheduling
- Implementing a serverless experience for all kinds of containers
Kubernetes CVE-2018-1002102
The API-server infrequently stretches out to Kubelets, but, the CVE-2018-1002102 marks a security problem in how the API-server is acquainted with Kubelets and it has also accepted redirect, and by redirecting the API-server’s send requests to another node’s Kubelet, a malicious Kubelet can develop into a cluster.
The malicious Azure user can easily compromise the multitenant Kubernetes clusters that are hosting ACI and the cluster administrator. The threat actors could perform commands in other customer containers, as well as it can also exfiltrate codes and private images that are extended to the platform, or deploy crypto miners.
Securing ACI
There are some common areas to define configuration and codes for container groups and that includes the following things:-
- Environment Variables
- Secret Volumes
- Azure file share
- Consult these security best methods resources
- Azure Container Instances Security Baseline
- Azure Container Instances Security Considerations
- Always keep urself updated regarding security-related notifications like this one by configuring Azure Service Health Alerts.
This kind of vulnerabilities is dangerous in nature, and it puts a huge impact on the users. Monitor your workspace for any uninvited threats and mitigate it as soon as possible.
