
Two critical flaw chains were revealed in Alibaba Cloud’s ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL. These could be abused to break tenant isolation protections and gain access to sensitive data belonging to other customers.
“This vulnerability allows unauthorized access to the PostgreSQL databases of Alibaba Cloud customers, potentially allowing supply chain attacks against both Alibaba database services, resulting in an RCE on the Alibaba database services,” cloud security firm Wiz told The Hacker News.
The problem, dubbed BrokenSesame, was reported to Alibaba Cloud in December 2022, after which the company deployed mitigations on April 12, 2023. There is no evidence to suggest that the vulnerability has been exploited in the wild.
In a nutshell, the vulnerabilities (a privilege escalation flaw in AnalyticDB and a remote code execution bug in ApsaraDB RDS) allow an attacker to escalate privileges to root inside the container, escape to the underlying Kubernetes node, and ultimately obtain unauthorized access to the API server.
An attacker could leverage this access to obtain credentials for a container registry from the API server and push malicious images, gaining control over customer databases belonging to other tenants on shared nodes.
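The chain just described runs from root inside a container, to the node, to the API server. The following added example (written for this page, not code from Wiz or Alibaba Cloud) audits a Kubernetes Pod manifest for the settings that make each hop of that path easier: running as root, host namespaces, hostPath mounts, and an auto-mounted service-account token that lets a compromised container talk to the API server. Both manifests are constructed for illustration, and the image registry name is a placeholder; the check is a hygiene baseline for multi-tenant workloads, not a detector for the specific BrokenSesame bugs.

```python
"""Flag Pod settings that ease container-to-node-to-API-server escalation.

Constructed example for this article; not Alibaba Cloud's or Wiz's code.
"""
from typing import Any, Dict, List

# Constructed manifest with several risky settings (placeholder registry name).
SAMPLE_POD: Dict[str, Any] = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "tenant-db-demo"},
    "spec": {
        "hostPID": True,
        "automountServiceAccountToken": True,
        "volumes": [{"name": "host-root", "hostPath": {"path": "/"}}],
        "containers": [{
            "name": "db",
            "image": "registry.example.invalid/tenant/postgres:15",
            "securityContext": {"privileged": True, "runAsUser": 0},
            "volumeMounts": [{"name": "host-root", "mountPath": "/host"}],
        }],
    },
}

# Constructed hardened counterpart: non-root, no host access, no API token.
HARDENED_POD: Dict[str, Any] = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "tenant-db-hardened"},
    "spec": {
        "automountServiceAccountToken": False,
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
        "volumes": [{"name": "data", "emptyDir": {}}],
        "containers": [{
            "name": "db",
            "image": "registry.example.invalid/tenant/postgres:15",
            "securityContext": {
                "privileged": False,
                "allowPrivilegeEscalation": False,
                "capabilities": {"drop": ["ALL"]},
            },
            "volumeMounts": [{"name": "data", "mountPath": "/var/lib/postgresql/data"}],
        }],
    },
}

# Capabilities that give a process broad control over the host kernel or network.
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN"}


def audit_pod(pod: Dict[str, Any]) -> List[str]:
    """Return one human-readable finding per risky setting in the manifest."""
    spec = pod.get("spec", {})
    name = pod.get("metadata", {}).get("name", "<unnamed>")
    findings: List[str] = []

    # Host namespaces let a root process see or reach node-level processes/network.
    for ns in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(ns):
            findings.append(f"{name}: spec.{ns}=true shares the node's {ns[4:]} namespace")

    # Kubernetes mounts the service-account token by default; a compromised
    # container can then authenticate to the API server with it.
    if spec.get("automountServiceAccountToken", True):
        findings.append(f"{name}: service-account token is auto-mounted (API server reachable)")

    # hostPath volumes expose the node filesystem to the container.
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            findings.append(f"{name}: volume '{vol.get('name')}' mounts host path "
                            f"{vol['hostPath'].get('path')}")

    pod_sc = spec.get("securityContext", {})
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        cname = c.get("name", "<unnamed>")
        csc = c.get("securityContext", {})
        # runAsUser / runAsNonRoot set at pod level are inherited by containers.
        effective = {**pod_sc, **csc}
        if csc.get("privileged"):
            findings.append(f"{name}/{cname}: privileged container")
        if csc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}/{cname}: allowPrivilegeEscalation not set to false")
        if effective.get("runAsUser") == 0 or not effective.get("runAsNonRoot"):
            findings.append(f"{name}/{cname}: may run as root (runAsNonRoot/runAsUser)")
        added = set(csc.get("capabilities", {}).get("add", []))
        for cap in sorted(added & DANGEROUS_CAPS):
            findings.append(f"{name}/{cname}: adds dangerous capability {cap}")
    return findings


if __name__ == "__main__":
    for pod in (SAMPLE_POD, HARDENED_POD):
        print(pod["metadata"]["name"], audit_pod(pod) or "no findings")
```

The same checks are what admission controllers such as Pod Security Admission enforce at the "restricted" level; running the audit over rendered manifests in CI catches the regressions before a pod is ever scheduled on a shared node.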

Wiz researchers Ronen Shustin and Shir Tamari said, “The credentials used to pull the images were not properly scoped and allowed push permissions, creating a basis for supply chain attacks.”
This is not the first time PostgreSQL vulnerabilities have been identified in cloud services. Last year Wiz found similar issues in Azure Database for PostgreSQL Flexible Server (ExtraReplica) and IBM Cloud Databases for PostgreSQL (Hell’s Keychain).
Findings published by Palo Alto Networks Unit 42 in its Cloud Threat Report reveal that “threat actors are adept at exploiting common problems that occur in the cloud every day.” These include misconfigurations, weak credentials, lack of authentication, unpatched vulnerabilities, and malicious open source software (OSS) packages.
“76% of organizations do not have MFA [multi-factor authentication] in place for console users, and 58% of organizations do not enforce MFA for root/admin users,” the cybersecurity firm said.