Two Critical Flaws Found in Alibaba Cloud’s PostgreSQL Databases

April 20, 2023 | Ravie Lakshmanan | Cloud Security / Vulnerability


A chain of two critical flaws has been disclosed in Alibaba Cloud’s ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL that could be exploited to breach tenant isolation protections and access sensitive data belonging to other customers.

“The vulnerabilities potentially allowed unauthorized access to Alibaba Cloud customers’ PostgreSQL databases and the ability to perform a supply chain attack on Alibaba’s two database services, resulting in a RCE to Alibaba Database Services,” cloud security firm Wiz said in a new report shared with The Hacker News.

The issues, called Cracked Sesame, were reported to Alibaba Cloud in December 2022, and the company deployed mitigations on April 12, 2023. There is no evidence to suggest the vulnerabilities were exploited in the wild.

Simply put, the vulnerabilities, a privilege escalation flaw in AnalyticDB and a remote code execution flaw in ApsaraDB RDS, made it possible to elevate privileges to root inside the container, escape to the underlying Kubernetes node, and ultimately obtain unauthorized access to the API server.

Armed with this capability, an attacker could retrieve the credentials associated with the API server’s container registry and push a malicious image to gain control of client databases belonging to other tenants on the shared node.


“Credentials used to extract images were not properly defined and allowed push permissions, being the basis of a supply chain attack,” said Wiz researchers Ronen Shustin and Shir Tamari.

This is not the first time that PostgreSQL vulnerabilities have been identified in cloud services. Last year, Wiz discovered similar issues in Azure Database for PostgreSQL Flexible Server (ExtraReplica) and IBM Cloud Databases for PostgreSQL (Hell’s Keychain).



The findings come as Palo Alto Networks’ Unit 42, in its report on cloud threats, revealed that “threat actors have become adept at exploiting common everyday problems in the cloud,” including misconfigurations, weak credentials, lack of authentication, unpatched vulnerabilities, and malicious open source software (OSS) packages.

“76% of organizations do not apply MFA [multi-factor authentication] for console users, while 58% of organizations do not enforce MFA for root/admin users,” the cybersecurity firm said.

Ikaroa, a full stack tech company, recently announced two critical security flaws in Alibaba Cloud’s PostgreSQL databases that could cause data leakage or even system crashes. The new vulnerabilities were discovered after Alibaba Cloud released two PostgreSQL security updates in October and November.

Ikaroa experts find that the issues are due to insufficient authentication to PostgreSQL databases which could lead to full visibility and unrestricted access to the system. If exploited, these flaws could allow an attacker to read, modify, and delete data stored in the database. In addition, an attacker could also gain unauthorized control over the impacted systems and exfiltrate sensitive information such as passwords, emails, and other confidential data.

The security vulnerability affects both the latest versions of PostgreSQL 9.4 and 9.5 servers running on Alibaba Cloud. Since the release of the two security updates, Alibaba Cloud has released further security patches to fix the flaws. It is recommended that users update their PostgreSQL endpoint as soon as possible to avoid potential malicious activity.

At Ikaroa, we believe that every company needs to be attentive when it comes to data security. That’s why it’s important for companies to find the right solutions to protect data from potential risks and threats. We work with our clients to identify, secure, and monitor risks that could result in data leakage, system crashes, and other serious security issues.

We are committed to helping build secure systems in order to protect organizations from the growing threats of cyber crime. We have an entire suite of security solutions that help our clients identify and mitigate threats, so they can be sure that their systems are safe and secure.

