Headline
CVE-2023-28110: Command Injection for Kubernetes Connection
JumpServer is a popular open source bastion host, and Koko is the JumpServer component that is the Go version of coco, reimplementing coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, connecting to a Kubernetes cluster through Koko with a crafted ("illegal") token can cause attacker-chosen commands to be executed inside the Koko container, which can disrupt the container environment and affect normal use. The vulnerability has been fixed in v2.28.8.
Impact
Command Injection for Kubernetes Connection
Using a crafted ("illegal") token to connect to a Kubernetes cluster through Koko can result in the execution of attacker-chosen commands inside the Koko container, which can disrupt the Koko container environment and affect normal usage.
Details
Create an illegal Kubernetes token, that is, a token value that embeds a shell command, like the one shown below:
When that token is used to connect to a Kubernetes cluster through Koko, the command embedded in it is executed inside the Koko container. For example, a token carrying touch /tmp/hackeme creates the file /tmp/hackeme.
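The advisory does not show Koko's code, so the following is an added illustration, not Koko's own implementation. It assumes the root cause is the usual one for this bug class: the asset's token is spliced into a command-line string that a shell later parses. The function names (VulnerableCommandLine, SafeKubectlArgs, ValidateK8sToken), the allowlist pattern, the server address and the token values are all constructed for the example. The vulnerable builder shows how a token containing ";" becomes a second command; the hardened path validates the token against a strict character allowlist and passes each kubectl argument through an argv slice so no shell ever interprets it.

```go
package main

import (
	"fmt"
	"os/exec"
	"regexp"
)

// tokenPattern is an allowlist for the characters found in the token formats
// kubectl normally receives (service-account JWTs and bootstrap tokens use
// base64url characters plus '.'). This is an illustrative policy, not Koko's.
var tokenPattern = regexp.MustCompile(`^[A-Za-z0-9._-]+$`)

// ValidateK8sToken rejects empty tokens and any token containing characters
// outside the allowlist, which removes shell metacharacters, whitespace and
// control characters. Returns nil when the token is acceptable.
func ValidateK8sToken(token string) error {
	if token == "" {
		return fmt.Errorf("empty token")
	}
	if !tokenPattern.MatchString(token) {
		return fmt.Errorf("token contains characters outside the allowlist")
	}
	return nil
}

// VulnerableCommandLine is the injection-prone pattern: the token is spliced
// into one string that is later handed to "sh -c". A token such as
// "x; touch /tmp/hackeme" turns the line into two shell commands.
func VulnerableCommandLine(server, token string) string {
	return fmt.Sprintf("kubectl --server=%s --token=%s get pods", server, token)
}

// SafeKubectlArgs validates the token and builds an argv slice. exec.Command
// hands each element to kubectl unchanged, so the token can never be parsed
// as shell syntax even if the allowlist were missing; the allowlist is
// defence in depth.
func SafeKubectlArgs(server, token string) ([]string, error) {
	if err := ValidateK8sToken(token); err != nil {
		return nil, err
	}
	return []string{"--server=" + server, "--token=" + token, "get", "pods"}, nil
}

func main() {
	server := "https://10.0.0.1:6443" // constructed example, not a real cluster
	bad := "x; echo INJECTED"          // constructed token carrying a shell command

	line := VulnerableCommandLine(server, bad)
	fmt.Println("vulnerable command line:", line)
	// Prefixing with echo stands in for kubectl so the shell's splitting of
	// the line is visible without a cluster. The output appears as two lines:
	// the second one is the injected command's output.
	out, _ := exec.Command("sh", "-c", "echo "+line).CombinedOutput()
	fmt.Printf("shell ran it as:\n%s", out)

	if _, err := SafeKubectlArgs(server, bad); err != nil {
		fmt.Println("hardened path rejected token:", err)
	}
	args, _ := SafeKubectlArgs(server, "abc.def-ghi_123")
	// Each element reaches kubectl verbatim via exec.Command("kubectl", args...).
	fmt.Println("hardened argv:", args)
}
```

Passing arguments as an argv slice is the actual fix for this bug class; the allowlist exists so that a malformed token is rejected at asset creation time rather than producing a confusing kubectl error later.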
Patches
The vulnerability has been fixed in v2.28.8.
Workarounds
There is no workaround other than updating; it is recommended to upgrade to v2.28.8.
References
Found by Chaitin Tech (长亭科技)