OpenEBS RawFile Local PV World-Readable Data Vulnerability

A vulnerability in OpenEBS RawFile Local PV prior to version 0.10.0 allows non-privileged users to access sensitive data from persistent volumes. The issue arises because persistent volume data is stored in a world-readable directory on Kubernetes hosts, under '/var/csi/rawfile/'. This exposure could lead to unauthorized access to critical information, such as databases from Kubernetes workloads running MySQL or PostgreSQL, potentially causing a database breach.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive data stored in persistent volumes, including entire databases from applications running in Kubernetes containers.

Reproduction

To reproduce this vulnerability, deploy a Kubernetes cluster with OpenEBS RawFile Local PV version prior to 0.10.0. Once the cluster is set up, create a persistent volume claim and a pod that writes data to the volume. After the data is written, use a local unprivileged user to access the world-readable directory where the persistent volume data is stored. The data can be read directly or accessed through a file image using tools like 'qemu-img'.

Remediation

Users can upgrade to OpenEBS RawFile Local PV version 0.10.0 or later, where this vulnerability has been patched.