CONTAINER-LEAKY-VESSELS-2024

On 24 May 2023 Dig Security disclosed a privilege-escalation chain in Google Cloud SQL for SQL Server, originally reported to Google in February 2023, that let an attacker escalate from a limited database role to full system administrator and reach the host operating system. The chain first abused a gap in GCP's security hardening to add the attacker's user to DbRootRole, an elevated GCP admin role that nonetheless lacked full SQL Server permissions, then exploited a further misconfiguration in the role permission architecture to grant the SQL Server sysadmin role and obtain complete control of the database engine. With sysadmin rights the researchers reached the underlying container and host OS, letting them list privileged paths, read sensitive files and extract secrets, including internal GCP data and credentials related to the managed service. This was a provider-side flaw under shared responsibility that customers could not patch; Google remediated it in April 2023 and it was found and reported by researchers with no evidence of exploitation in the wild.

On 9 September 2021 Palo Alto Unit 42 researcher Yuval Avrahami disclosed Azurescape, described as the first cross-account container takeover in a public cloud, in which a malicious container on Azure Container Instances could escape and gain control over other customers' containers running on the shared multitenant Kubernetes cluster. ACI ran an outdated container runtime, runC v1.0.0-rc2, which was vulnerable to CVE-2019-5736, letting the attacker break out of the container and execute code as root on the underlying Kubernetes node. From the node the researcher found the bridge pod, which serviced az container exec calls, sent a Kubernetes service-account token in the Authorization header to a Kubelet that also allowed anonymous access; decoding that token (related to CVE-2018-1002102) granted pods/exec rights across all namespaces and control of the api-server, and thus the whole multitenant cluster. This was a provider-side flaw under shared responsibility that customers could not patch; Unit 42 found it and reported it with no knowledge of exploitation in the wild.

On 25 August 2021 Wiz researchers Nir Ohfeld and Sagi Tzadik disclosed ChaosDB, a cross-tenant flaw in Azure Cosmos DB that let any customer retrieve the primary access keys, certificates and connection details of several thousand other customers' database accounts, enabling full cross-tenant read, write and delete. The chain abused the Cosmos DB built-in Jupyter Notebook feature, which had been enabled by default since February 2021. A notebook ran attacker C# code as root while Python ran unprivileged, giving container root, after which the attacker removed iptables rules to reach the WireServer (168.63.129.16) and Instance Metadata endpoints. Querying WireServer yielded roughly two dozen Microsoft certificates, including private keys for internal Cosmos DB and notebook services, which were used to authenticate to internal Service Fabric clusters, enumerate every customer's Cosmos DB instance and decrypt their stored COSMOSDB_ACCOUNT_KEY and notebook auth tokens. This was a provider-side flaw under shared responsibility that customers could not patch; it was found and reported by researchers with no evidence of exploitation in the wild.

A remote code execution flaw in the Windows Print Spooler service allows an authenticated domain user to load a malicious printer driver DLL and execute code as SYSTEM, both locally and remotely. A working proof-of-concept was accidentally published before a patch existed, so Microsoft assigned a new identifier and shipped out-of-band fixes. Because nearly every Windows host, including domain controllers, runs the spooler, it gave attackers a near-universal lateral-movement and privilege-escalation primitive. It was exploited in ransomware intrusions by Vice Society, Conti, and Magniber.

A misconfigured ModSecurity web application firewall on an AWS EC2 instance was abused via server-side request forgery to reach the EC2 Instance Metadata Service at 169.254.169.254 and retrieve the temporary IAM credentials of the WAF's role. Because that role was over-privileged, the attacker used the stolen credentials to exfiltrate data from Capital One's S3 buckets. Roughly 100 million US individuals and 6 million Canadians were exposed, including about 140,000 Social Security numbers and 80,000 linked bank account numbers. Attacker Paige Thompson, a former AWS engineer, was arrested July 29, 2019 and later convicted. The incident directly motivated AWS's release of IMDSv2.

Exposed etcd is a misconfiguration class in which the etcd key-value store backing the Kubernetes API server is reachable on its client port (TCP 2379, with 2380 used for peer traffic) without client-certificate authentication. etcd is the single source of truth for a cluster and stores the entire cluster state, including all Secrets, service-account tokens, credentials, ConfigMaps, and RBAC rules, so reading it bypasses Kubernetes RBAC entirely and writing to it lets an attacker alter cluster state and take over the cluster. etcd shipped insecure by default: it had no authentication before version 2.1 (July 2015) and client-certificate authentication remained off by default for backward compatibility, and its authorization model is effectively all-or-nothing once access is granted. In March 2018, researcher Giovanni Collazo demonstrated the scale by querying Shodan and finding 2,284 etcd servers exposed to the internet without authentication; a short script then harvested roughly 750 MB of data including thousands of passwords, hundreds of AWS access keys, and private keys. The root cause is an etcd endpoint listening on a network-reachable interface without TLS client-certificate authentication enforced.