Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the `gardenlet` component of Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0. It could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. This CVE affects all Gardener installations where gardener/gardener-extension-provider-gcp is in use. Versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 fix the issue.
The vulnerability (CWE-150 — Improper Neutralization of Escape, Meta, or Control Sequences) is present in the `gardenlet` component, which is responsible for managing the lifecycle of Kubernetes clusters. A user with administrative privileges within a Gardener project can use it to exceed their granted scope of access. As a result, the attacker is able to gain control over the seed cluster — the parent infrastructure that manages shoot clusters belonging to their project. The attack vector is network-based, requires no user interaction, and does not require particularly high initial privileges (project-level privileges are sufficient).
An attacker can gain full control over the seed cluster, which in practice means the ability to compromise the confidentiality, integrity, and availability of all Kubernetes clusters managed by it and potentially other resources of the shared infrastructure.
The `gardenlet` component must be updated to version 1.116.4, 1.117.5, 1.118.2, or 1.119.0 (depending on the branch in use), in which the vendor has removed the described vulnerability. Detailed information is available in the official security advisory on GitHub: https://github.com/gardener/gardener/security/advisories/GHSA-9x73-87fh-54w9
All Gardener installations using the gardener/gardener-extension-provider-gcp extension in which the `gardenlet` component is running versions earlier than 1.116.4, 1.117.5, 1.118.2, and 1.119.0.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HGardener
APPGardener< 1.116.41.117.0 – 1.117.5 (bez)1.118.0 – 1.118.2 (bez)
Related vulnerabilities
Eskalacja uprawnień w Gardener — przejęcie kontroli nad seed cluster
In Gardener before 0.20.0, incorrect access control in seed clusters allows information disclosure by sending ...
Following the Gardener architecture, the Kubernetes apiserver of a Gardener managed shoot cluster resides in t...