The active Kubernetes RCE attack relies on known OpenMetadata vulnerabilities

According to research by Microsoft Threat Intelligence, known vulnerabilities in the OpenMetadata open source metadata repository have been actively exploited since early April, allowing threat actors to launch remote code execution attacks against unpatched Kubernetes clusters.

OpenMetadata is an open source platform that functions as a management tool and central repository for metadata. In mid-March, researchers published information about five new vulnerabilities (CVE-2024-28255, CVE-2024-28847, CVE-2024-28253, CVE-2024-28848, CVE-2024-28254) affecting versions prior to v1.3.1, according to Microsoft's report.

And while many cybersecurity teams may have missed the warning, adversaries have seized the opportunity to break into vulnerable Kubernetes environments and exploit them for cryptocurrency mining, the vendor said.

“In this case, a vulnerable Kubernetes workload exposed to the Internet was exploited,” explains Microsoft researcher Yossi Weizman. While cybercriminals were engaged in cryptocurrency mining, he warns that there is a wide range of nefarious activities an adversary can engage in once inside a Kubernetes cluster.

“In general (not specifically in this case), once attackers have control over a workload in the cluster, they can try to exploit this access for lateral movement as well, both within the cluster and to external resources,” adds Weizman.

OpenMetadata administrators are advised to upgrade, use strong authentication, and reset any default credentials in use.
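The upgrade advice can be checked against a cluster inventory. The following added example, not taken from Microsoft's report or the OpenMetadata project, reads pod JSON in the shape produced by `kubectl get pods -A -o json` and flags OpenMetadata images tagged below 1.3.1. The sample pods, the registry host, and the assumption that the image reference contains "openmetadata" and carries a version tag are constructed for illustration.

```python
import json
import re

FIXED = (1, 3, 1)  # per the article: versions prior to v1.3.1 are affected

# Constructed sample in the shape of `kubectl get pods -A -o json` output.
# Namespaces, pod names and the registry host are made up for illustration.
def _pod(ns, name, image):
    return {"metadata": {"namespace": ns, "name": name},
            "spec": {"containers": [{"name": "main", "image": image}]}}

SAMPLE = json.dumps({"items": [
    _pod("data", "om-old", "registry.example:5000/openmetadata/server:1.2.4"),
    _pod("data", "om-new", "registry.example:5000/openmetadata/server:1.3.1"),
    _pod("dev", "om-float", "registry.example:5000/openmetadata/server:latest"),
    _pod("web", "frontend", "registry.example:5000/nginx:1.25.3"),
]})

def parse_version(image):
    """Return (major, minor, patch) from the image tag, or None if not pinned."""
    ref = image.split("@", 1)[0]            # drop any @sha256 digest
    last = ref.rsplit("/", 1)[-1]           # a ':' before this is a registry port
    if ":" not in last:
        return None
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", last.rsplit(":", 1)[1])
    return tuple(int(x) for x in m.groups()) if m else None

def audit(pod_list_json, needle="openmetadata"):
    """List (namespace, pod, image, status) for images whose name contains needle."""
    findings = []
    for pod in json.loads(pod_list_json).get("items", []):
        spec = pod.get("spec", {})
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            image = c.get("image", "")
            if needle not in image.lower():   # assumption: name-based match
                continue
            ver = parse_version(image)
            # Floating or digest-only references cannot be judged from the tag.
            status = "unknown" if ver is None else "vulnerable" if ver < FIXED else "ok"
            findings.append((pod["metadata"]["namespace"],
                             pod["metadata"]["name"], image, status))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

Against a live cluster, pass the output of `kubectl get pods -A -o json` to `audit`. A tag only shows what was declared, so "unknown" entries need to be checked against the version actually running.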


