Active Exploitation of OpenMetadata Vulnerabilities in Kubernetes Clusters

April 17, 2024

Since the start of April, threat actors have been actively exploiting known vulnerabilities in OpenMetadata to launch remote code execution attacks against unpatched Kubernetes clusters, according to Microsoft Threat Intelligence. OpenMetadata is an open source platform that operates as both a management tool and a central repository for metadata.

In mid-March, information about five new vulnerabilities (CVE-2024-28255, CVE-2024-28847, CVE-2024-28253, CVE-2024-28848, CVE-2024-28254) affecting versions prior to v1.3.1 was published, as per Microsoft's report. While some cybersecurity teams may have overlooked the advisory, adversaries seized the opportunity to infiltrate vulnerable Kubernetes environments and exploit them for cryptocurrency mining.

As Microsoft researcher Yossi Weizman explains, 'In this case, a vulnerable Kubernetes workload which is exposed to the Internet got exploited.' While these cybercriminals were primarily engaged in crypto mining, Weizman warns that once inside a Kubernetes cluster, an adversary can engage in a variety of malicious activities.

'In general (not specifically in this case), once attackers have control over a workload in the cluster, they can try to leverage this access also for lateral movement, both inside the cluster and also to external resources,' Weizman adds.

Administrators of OpenMetadata are encouraged to update their systems, implement strong authentication, and reset any default credentials in use to mitigate the risk of these attacks.
