
Cybersecurity researchers have uncovered three security weaknesses in Microsoft’s Azure Data Factory Apache Airflow integration that, if successfully exploited, could allow an attacker to gain the ability to conduct various covert actions, including data exfiltration and malware deployment.
“Exploiting these flaws could allow attackers to gain persistent access as shadow administrators over the entire Airflow Azure Kubernetes Service (AKS) cluster,” Palo Alto Networks Unit 42 said in an analysis published earlier this month.
The vulnerabilities, although classified as low severity by Microsoft, are listed below:
- Misconfigured Kubernetes RBAC in the Airflow cluster
- Misconfigured secret handling of Azure’s internal Geneva service, and
- Weak authentication for Geneva
Besides gaining unauthorized access, an attacker could exploit the weaknesses in the Geneva service to potentially tamper with log data or send fake logs to avoid raising suspicion when creating new pods or accounts.

The initial access technique involves crafting a directed acyclic graph (DAG) file and uploading it to a private GitHub repository connected to the Airflow cluster, or modifying an existing DAG file. The end goal is to launch a reverse shell to an external server as soon as the file is imported.
To accomplish this, a threat actor would first have to obtain write permission to the storage account containing the DAG files, using a compromised service principal or a shared access signature (SAS) token for the files. Alternatively, they could break into the Git repository using leaked credentials.
Although the shell obtained this way was found to run in a Kubernetes pod with minimal permissions under the Airflow user context, further analysis identified a service account with cluster-admin permissions attached to the Airflow runner pod.
This misconfiguration, coupled with the fact that the pod was reachable over the internet, meant that an attacker could download the Kubernetes command-line tool kubectl and ultimately “deploy a privileged pod” to break out to the underlying node and gain full control over the entire cluster.
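The two conditions chained above, a service account bound to cluster-admin and a pod that is allowed to run privileged, are both visible in plain cluster metadata. The following Python is an added example, not code from Unit 42 or from the page; it audits input in the shape of `kubectl get clusterrolebindings -o json` and `kubectl get pods -A -o json`, and the binding, pod and namespace names in the embedded samples are constructed for illustration rather than taken from any real cluster.

```python
"""Audit Kubernetes RBAC bindings and pod specs for the chain described above:
a ServiceAccount bound to cluster-admin, a pod that mounts that account's token,
and a pod spec that can reach the node (privileged container, hostPID, hostNetwork).

Input follows `kubectl get clusterrolebindings -o json` / `kubectl get pods -A -o json`.
The samples below are constructed for this example, not taken from a real cluster.
"""
import json

# Constructed sample: the first binding hands cluster-admin to a service account in
# the airflow namespace (the misconfiguration); the others are benign.
CLUSTER_ROLE_BINDINGS = json.loads("""
{"items": [
  {"metadata": {"name": "airflow-runner-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "airflow-runner", "namespace": "airflow"}]},
  {"metadata": {"name": "cluster-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "system:masters"}]},
  {"metadata": {"name": "airflow-reader"},
   "roleRef": {"kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "ServiceAccount", "name": "airflow-web", "namespace": "airflow"}]}
]}
""")

# Constructed sample: the runner pod mounts the over-privileged account's token; the
# second pod is what an attacker would deploy with that token to reach the node.
PODS = json.loads("""
{"items": [
  {"metadata": {"name": "airflow-runner-0", "namespace": "airflow"},
   "spec": {"serviceAccountName": "airflow-runner",
            "containers": [{"name": "runner", "securityContext": {}}]}},
  {"metadata": {"name": "node-shell", "namespace": "airflow"},
   "spec": {"serviceAccountName": "airflow-runner", "hostPID": true,
            "containers": [{"name": "shell", "securityContext": {"privileged": true}}]}}
]}
""")

ADMIN_ROLES = {"cluster-admin"}


def cluster_admin_service_accounts(bindings):
    """Return sorted (namespace, name) of every ServiceAccount bound to cluster-admin."""
    found = set()
    for binding in bindings["items"]:
        ref = binding.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") not in ADMIN_ROLES:
            continue
        for subj in binding.get("subjects", []):
            if subj.get("kind") == "ServiceAccount":
                found.add((subj.get("namespace", "default"), subj["name"]))
    return sorted(found)


def pods_with_admin_token(pods, bindings):
    """Pods whose auto-mounted service-account token carries cluster-admin.

    A shell inside such a pod can read the token from
    /var/run/secrets/kubernetes.io/serviceaccount/token and drive kubectl with it.
    """
    admins = set(cluster_admin_service_accounts(bindings))
    out = []
    for pod in pods["items"]:
        ns = pod["metadata"]["namespace"]
        sa = pod["spec"].get("serviceAccountName", "default")
        if (ns, sa) in admins and pod["spec"].get("automountServiceAccountToken", True):
            out.append((ns, pod["metadata"]["name"], sa))
    return out


def privileged_pods(pods):
    """Return (namespace, name, reason) for pods whose spec can reach the node."""
    findings = []
    for pod in pods["items"]:
        meta, spec = pod["metadata"], pod["spec"]
        reasons = [flag for flag in ("hostPID", "hostNetwork") if spec.get(flag)]
        for c in spec.get("containers", []):
            if c.get("securityContext", {}).get("privileged"):
                reasons.append(f"privileged container {c['name']}")
        if reasons:
            findings.append((meta["namespace"], meta["name"], ", ".join(reasons)))
    return findings


if __name__ == "__main__":
    for ns, sa in cluster_admin_service_accounts(CLUSTER_ROLE_BINDINGS):
        print(f"cluster-admin service account: {ns}/{sa}")
    for ns, name, sa in pods_with_admin_token(PODS, CLUSTER_ROLE_BINDINGS):
        print(f"pod {ns}/{name} mounts the cluster-admin token of {sa}")
    for ns, name, why in privileged_pods(PODS):
        print(f"pod {ns}/{name} can reach the node: {why}")
```

The fix the findings point at is the one the researchers imply: bind the runner's service account to a namespaced Role with only the verbs Airflow needs, set `automountServiceAccountToken: false` on pods that never call the API, and use an admission policy (Pod Security Admission at the `restricted` level) so a token stolen from a pod cannot be used to schedule a privileged pod.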

An attacker could then leverage root access to the host virtual machine (VM) to penetrate deeper into the cloud environment, gaining unauthorized access to Azure-managed internal resources, including Geneva, which provides write access to some storage accounts and event hubs.
“This means that a sophisticated attacker could alter the vulnerable Airflow environment,” security researchers Ofir Balassiano and David Orlovsky said. “For example, an attacker could create new pods and new service accounts. They could also apply changes to the cluster nodes themselves and then send fake logs to Geneva without raising an alarm.”
“This issue highlights the importance of carefully managing service permissions to prevent unauthorized access. It also highlights the importance of monitoring the operations of critical third-party services to prevent such access.”
The disclosure comes as Datadog Security Labs detailed a privilege escalation scenario in Azure Key Vault that could allow users with the Key Vault Contributor role to access key vault contents, such as API keys, passwords, authentication certificates and Azure Storage SAS tokens, and read or modify them.
The problem was that while a user with the Key Vault Contributor role did not have direct access to Key Vault data on a key vault configured with access policies, they did have permission to update the access policy to include Key Vault data permissions, effectively bypassing the restriction.

“The policy update could include the ability to list, view, update, and generally manage data within the key vault,” security researcher Katie Knowles said. “This created a scenario where a user with the Key Vault Contributor role could access all Key Vault data, despite having no RBAC (role-based access control) permissions to manage permissions or view data.”
Microsoft has since updated its documentation to emphasize the risk of the access policy model, stating: “To prevent unauthorized access and management of your key vaults, keys, secrets, and certificates, it is essential to limit Contributor role access to key vaults under the access policy permission model.”
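The escalation only works on vaults whose data plane is governed by access policies, because editing `accessPolicies` is a control-plane write that the Contributor role already holds; under the RBAC permission model that same role cannot grant data-plane rights. The following Python is an added example, not Datadog's or Microsoft's code; it audits vault descriptions in the shape of `az keyvault show -o json`, and the vault names and object IDs in the embedded sample are constructed placeholders.

```python
"""Audit Azure Key Vault permission models for the Contributor escalation.

Under the access-policy model (enableRbacAuthorization == false) anyone with
Microsoft.KeyVault/vaults/write, which Key Vault Contributor includes, can edit
accessPolicies and grant themselves keys/secrets/certificates permissions. Under
the RBAC model data-plane rights are separate role assignments, so the same
control-plane role gives no path to the data.

Input follows `az keyvault show -o json`; the vaults below are constructed for
this example and the object IDs are placeholders.
"""
import json

VAULTS = json.loads("""
[
  {"name": "kv-legacy",
   "properties": {
     "enableRbacAuthorization": false,
     "accessPolicies": [
       {"objectId": "00000000-0000-0000-0000-000000000001",
        "permissions": {"keys": ["get"], "secrets": ["get", "list"], "certificates": []}}
     ]}},
  {"name": "kv-rbac",
   "properties": {"enableRbacAuthorization": true, "accessPolicies": []}}
]
""")

# Data-plane verbs that change or destroy material, as opposed to reading it.
DATA_PLANE_WRITE = {"all", "set", "delete", "purge", "update", "create", "import", "restore", "recover"}


def uses_access_policy_model(vault):
    """True when data-plane access is governed by access policies (the risky model)."""
    return not vault["properties"].get("enableRbacAuthorization", False)


def contributor_can_reach_data(vault):
    """A Key Vault Contributor can self-grant data-plane rights exactly when the
    vault is on the access-policy model; the RBAC model closes that path."""
    return uses_access_policy_model(vault)


def data_plane_grants(vault):
    """List (objectId, scope, sorted permissions) for every non-empty policy scope."""
    grants = []
    for policy in vault["properties"].get("accessPolicies", []):
        for scope, perms in policy.get("permissions", {}).items():
            if perms:
                grants.append((policy["objectId"], scope, sorted(p.lower() for p in perms)))
    return grants


def simulate_contributor_self_grant(vault, attacker_object_id):
    """Model the escalation on a copy of the vault: a Contributor appends a policy for
    itself. Returns the secrets permissions it ends up with; empty under RBAC."""
    if not contributor_can_reach_data(vault):
        return []
    copy = json.loads(json.dumps(vault))
    copy["properties"]["accessPolicies"].append({
        "objectId": attacker_object_id,
        "permissions": {"keys": ["all"], "secrets": ["all"], "certificates": ["all"]},
    })
    return [perms for oid, scope, perms in data_plane_grants(copy)
            if oid == attacker_object_id and scope == "secrets"][0]


def audit(vaults):
    """Return (vault name, finding) pairs a reviewer would act on."""
    findings = []
    for v in vaults:
        if uses_access_policy_model(v):
            findings.append((v["name"], "access-policy model: Contributor on the vault can grant "
                                        "itself data-plane rights; switch to enableRbacAuthorization=true"))
        for oid, scope, perms in data_plane_grants(v):
            if DATA_PLANE_WRITE & set(perms):
                findings.append((v["name"], f"policy grants {oid} write on {scope}: {perms}"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(VAULTS):
        print(f"{name}: {finding}")
    # Remediation for a flagged vault (real az CLI flag):
    #   az keyvault update --name kv-legacy --enable-rbac-authorization true
```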
The development also follows the discovery of an issue with Amazon Bedrock CloudTrail logging that made it difficult to distinguish malicious queries from legitimate ones intended for large language models (LLMs), thereby allowing bad actors to conduct reconnaissance without triggering a warning.
“Notably, failed Bedrock API calls were logged in the same way as successful calls, without providing a specific error code,” Sysdig researcher Alessandro Brucato said.
“This lack of error information in API responses could hinder detection efforts by generating false positives in CloudTrail logs. Without this detail, security tools may misinterpret normal activity as suspicious, leading to unnecessary alerts and potential oversight of real threats.”
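Because a failed `InvokeModel` is recorded exactly like a successful one, the usual "many failed calls from one principal" rule has nothing to key on. What remains visible in the record is who called which model and when, so enumeration of models shows up as one identity touching many distinct `modelId` values in a short window. The following Python is an added example, not Sysdig's code; it runs that logic over CloudTrail-shaped records that are constructed for this example, with placeholder account IDs, ARNs and model IDs.

```python
"""Detection over Bedrock CloudTrail records.

A failed InvokeModel carries no errorCode (the gap Sysdig described), so
`failed_invocations` finds nothing. `model_enumeration` instead flags a principal
that invokes many distinct modelIds inside a short window, which is what probing
for which models are enabled looks like when success and failure are indistinguishable.

The records below are constructed in CloudTrail's record shape; ARNs, account IDs
and model IDs are placeholders.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def rec(ts, arn, model_id):
    """Build a minimal CloudTrail record (constructed sample, not real log data)."""
    return {
        "eventTime": ts,
        "eventSource": "bedrock.amazonaws.com",
        "eventName": "InvokeModel",
        "userIdentity": {"arn": arn},
        "requestParameters": {"modelId": model_id},
        # Deliberately no "errorCode": failed calls were logged like successful ones.
    }


APP = "arn:aws:iam::111111111111:user/app"
RECON = "arn:aws:iam::111111111111:user/recon"

RECORDS = [
    # Normal application traffic: one model, repeated.
    rec("2024-12-17T10:00:00Z", APP, "anthropic.claude-3-sonnet-20240229-v1:0"),
    rec("2024-12-17T10:00:05Z", APP, "anthropic.claude-3-sonnet-20240229-v1:0"),
    rec("2024-12-17T10:03:00Z", APP, "anthropic.claude-3-sonnet-20240229-v1:0"),
    # Probing: five different models in five seconds, most of which would have failed.
    rec("2024-12-17T10:10:00Z", RECON, "anthropic.claude-3-sonnet-20240229-v1:0"),
    rec("2024-12-17T10:10:01Z", RECON, "anthropic.claude-3-haiku-20240307-v1:0"),
    rec("2024-12-17T10:10:02Z", RECON, "meta.llama3-70b-instruct-v1:0"),
    rec("2024-12-17T10:10:03Z", RECON, "amazon.titan-text-express-v1"),
    rec("2024-12-17T10:10:04Z", RECON, "mistral.mistral-large-2402-v1:0"),
]

INVOKE_EVENTS = {"InvokeModel", "InvokeModelWithResponseStream"}


def parse_time(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def bedrock_invocations(records):
    """Yield (time, principal arn, modelId, errorCode-or-None) for model invocations."""
    out = []
    for r in records:
        if r.get("eventSource") == "bedrock.amazonaws.com" and r.get("eventName") in INVOKE_EVENTS:
            out.append((parse_time(r["eventTime"]),
                        r["userIdentity"]["arn"],
                        r.get("requestParameters", {}).get("modelId"),
                        r.get("errorCode")))
    return out


def failed_invocations(records):
    """The naive rule: calls with an errorCode. Empty here, because none is logged."""
    return [inv for inv in bedrock_invocations(records) if inv[3]]


def model_enumeration(records, distinct_threshold=4, window=timedelta(minutes=5)):
    """Return {arn: max distinct modelIds seen in any `window`} for principals at or
    above `distinct_threshold`. Works without success/failure information."""
    by_arn = defaultdict(list)
    for t, arn, model, _ in bedrock_invocations(records):
        by_arn[arn].append((t, model))
    hits = {}
    for arn, events in by_arn.items():
        events.sort()
        best = 0
        for i, (t0, _) in enumerate(events):
            models = {m for t, m in events[i:] if t - t0 <= window}
            best = max(best, len(models))
        if best >= distinct_threshold:
            hits[arn] = best
    return hits


if __name__ == "__main__":
    print("failed calls visible in the log:", len(failed_invocations(RECORDS)))
    for arn, n in model_enumeration(RECORDS).items():
        print(f"possible model enumeration by {arn}: {n} distinct models in 5 minutes")
```

The threshold and window are tuning knobs; a legitimate evaluation harness that fans out across models will also trip this, which is the false-positive cost Sysdig's point implies once the log cannot say whether the calls succeeded.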