Research conducted by Microsoft into the security of Kubernetes installations revealed that threat actors have targeted misconfigured Apache Pinot instances.
Apache Pinot is an open source real-time analytics platform designed for querying large datasets with high speed and low latency. Pinot is used by some of the world’s biggest companies, including Walmart, Uber, Slack, LinkedIn, Wix and Stripe.
In the case of Kubernetes installations, the official Apache Pinot documentation does not inform users that the default configuration is highly insecure and can expose sensitive user data.
“The default installation exposes Apache Pinot’s main components to the internet by Kubernetes LoadBalancer services without providing any authentication mechanism by default,” Microsoft researchers explained.
They warned that an unauthenticated attacker can gain full access to the Pinot dashboard, enabling them to query the stored data and manage workloads.
The risk is not just theoretical. Microsoft said it identified several instances of misconfigured Pinot workloads being targeted in the wild to access user data.
Microsoft’s analysis into misconfigurations and the lack of proper authentication or authorization mechanisms showed that “a small but critical group of applications either provided no authentication at all or used a predefined user and password for logging in, making them prime targets for attackers”.
Microsoft researchers found that Meshery, an engineering platform for collaborative design and operation of cloud infrastructure, is affected by a vulnerability that allows an attacker to execute arbitrary code and gain control of underlying resources.
The attacker needs to have access to the external IP address that exposes the application interface, and attacks can be prevented by restricting Meshery access to internal networks.
“Many in-the-wild exploitations of containerized applications originate in misconfigured workloads, often when using default settings,” the tech giant concluded.
Related: IngressNightmare Flaws Expose Kubernetes Clusters to Remote Hacking
Related: Azure Kubernetes Services Vulnerability Exposed Sensitive Information
Related: OpenMetadata Vulnerabilities Exploited to Abuse Kubernetes Clusters for Cryptomining