JumpServer Kubernetes Token Leak Vulnerability

Vulnerability

A vulnerability exists in JumpServer versions prior to 4.8.0 and 3.10.18, allowing low-privileged users to exploit the Kubernetes session feature. By manipulating the kubeconfig file, an attacker can redirect API requests to an external server they control, intercepting the Kubernetes cluster token. This token capture could lead to unauthorized access to the cluster, compromising its security.

Impact

Exploitation of this vulnerability allows for interception of the Kubernetes cluster token, which could be used for unauthorized access to the cluster, potentially compromising its security.

Reproduction

To reproduce this vulnerability, create a Kubernetes session through the JumpServer web interface. Then, modify the kubeconfig file to redirect API requests to an external server controlled by the attacker. After changing the server address, execute a kubectl command that sends a request to the modified server. The intercepted request will contain the Kubernetes cluster token, which can be captured and used to access the cluster.

Remediation

Users are advised to upgrade to JumpServer version 4.8.0 or 3.10.18.
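The redirect described under Reproduction shows up in the kubeconfig as a cluster `server` entry that no longer points at the real API server. The following is an added example, not JumpServer's fix and not code from the advisory: a defensive audit of the JSON printed by `kubectl config view -o json` that flags contexts whose credentials would be sent outside an allowlist. The host names, the allowlist and the function names are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the shape printed by `kubectl config view -o json`;
# host names are placeholders, not values from the advisory.
SAMPLE = json.loads("""{
 "clusters": [
  {"name": "prod", "cluster": {"server": "https://k8s-api.internal.example:6443"}},
  {"name": "moved", "cluster": {"server": "http://collector.example.net:8080",
                                "insecure-skip-tls-verify": true}}],
 "users": [{"name": "session-user", "user": {"token": "REDACTED"}}],
 "contexts": [
  {"name": "ok", "context": {"cluster": "prod", "user": "session-user"}},
  {"name": "bad", "context": {"cluster": "moved", "user": "session-user"}}]
}""")

def endpoint(server):
    """Normalise a server URL to (scheme, host, port) so comparisons are exact."""
    u = urlsplit(server)
    port = u.port or {"https": 443, "http": 80}.get(u.scheme)
    return (u.scheme, (u.hostname or "").lower(), port)

def audit_kubeconfig(cfg, allowed_servers):
    """Return one finding per context that targets an unapproved or unsafe server."""
    allowed = {endpoint(s) for s in allowed_servers}
    clusters = {c["name"]: c.get("cluster") or {} for c in cfg.get("clusters") or []}
    users = {u["name"]: u.get("user") or {} for u in cfg.get("users") or []}
    findings = []
    for ctx in cfg.get("contexts") or []:
        ref = ctx.get("context") or {}
        cluster = clusters.get(ref.get("cluster"), {})
        user = users.get(ref.get("user"), {})
        server = cluster.get("server", "")
        reasons = []
        if endpoint(server) not in allowed:
            reasons.append("server not in allowlist")
        if urlsplit(server).scheme != "https":
            reasons.append("not https")
        if cluster.get("insecure-skip-tls-verify"):
            reasons.append("TLS verification disabled")
        if reasons:
            findings.append({"context": ctx["name"], "server": server,
                             "sends_token": "token" in user or "tokenFile" in user,
                             "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in audit_kubeconfig(SAMPLE, ["https://k8s-api.internal.example:6443"]):
        print(finding)
```

A finding with `sends_token` set to true means a bearer token would accompany requests to the flagged server, so that token should be treated as exposed and rotated.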

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 6.6
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.