How CVE-2024-38370 Works
Kubewarden allows cluster operators to grant users permissions to deploy namespaced AdmissionPolicies and AdmissionPolicyGroups. The policy engine normally prevents privilege escalation by enforcing a context-aware allow-list via `can_access_kubernetes_resource()` for three host capabilities: list_resources_by_namespace, list_resources_all, and get_resource. However, the `can_i` host callback does not perform this allow-list check. Instead, it forwards SubjectAccessReview (SAR) requests directly to the callback handler, which executes using the policy-server’s own high-privileged service account. An attacker with `AdmissionPolicy` or `AdmissionPolicyGroup` create permissions (not granted by default) can craft a malicious policy that calls can_i. The callback then issues SAR requests to enumerate the RBAC permissions of any user or service account across the cluster, checking abilities such as “get secrets”, “create pods”, or “bind clusterroles”. This creates a policy-level authorization gap: `can_i` is usable even when the policy has no context-aware resource grant. No workload data is exfiltrated, but the attacker gains unauthorized reconnaissance of cluster permissions.
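The gap described above, modelled in Python as an added illustration (this is not Kubewarden's own code; the real policy-server is written in Rust). The class and function names below are hypothetical; the capability names and the PolicyServer field namespacedPoliciesCapabilities are taken from the advisory text. The same dispatcher is run once in its pre-1.35 shape, where can_i skips the allow-list, and once with the fix, where a namespaced policy may only call can_i if the PolicyServer explicitly enables it:

```python
"""Model of the host-capability authorization gap behind CVE-2024-38370.

Added illustration in Python; not Kubewarden's own code. Class and function
names are hypothetical; capability names and the PolicyServer field
namespacedPoliciesCapabilities come from the advisory text.
"""
from dataclasses import dataclass, field


class CapabilityDenied(Exception):
    """A policy invoked a host capability it holds no grant for."""


@dataclass
class Policy:
    name: str
    namespaced: bool            # True for AdmissionPolicy / AdmissionPolicyGroup
    # Context-aware grants as (apiVersion, kind) pairs, e.g. ("v1", "Namespace")
    context_aware_resources: set = field(default_factory=set)


class HostCallbackDispatcher:
    """Handles host calls made by a running policy.

    Every Kubernetes request it forwards runs with the policy-server's own
    service account, so this is the only place where a per-policy grant can
    be enforced. patched=False reproduces the pre-1.35 behaviour described
    above; patched=True gates can_i on the PolicyServer-level list.
    """

    def __init__(self, sar_backend, namespaced_policies_capabilities=(), patched=True):
        self.sar_backend = sar_backend          # callable(user, verb, resource, ns) -> bool
        self.namespaced_policies_capabilities = set(namespaced_policies_capabilities)
        self.patched = patched
        self.forwarded_sars = []                # audit trail of SARs actually sent

    def can_access_kubernetes_resource(self, policy, api_version, kind):
        """Allow-list check enforced for list_resources_* and get_resource."""
        if (api_version, kind) not in policy.context_aware_resources:
            raise CapabilityDenied(f"{policy.name}: no grant for {api_version}/{kind}")

    def list_resources_by_namespace(self, policy, api_version, kind, namespace, store):
        # Guarded before and after the fix.
        self.can_access_kubernetes_resource(policy, api_version, kind)
        return [o for o in store
                if (o["apiVersion"], o["kind"]) == (api_version, kind)
                and o["metadata"].get("namespace") == namespace]

    def can_i(self, policy, user, verb, resource, namespace):
        if (self.patched and policy.namespaced
                and "can_i" not in self.namespaced_policies_capabilities):
            raise CapabilityDenied(f"{policy.name}: can_i not enabled for namespaced policies")
        # Pre-fix path: no allow-list check at all; the SAR is forwarded as-is
        # and answered with the policy-server's privileges.
        self.forwarded_sars.append((user, verb, resource, namespace))
        return self.sar_backend(user, verb, resource, namespace)


# Constructed stand-in for the API server's SubjectAccessReview answers.
FAKE_RBAC = {
    ("system:serviceaccount:team-a:app", "get", "secrets", "team-a"): True,
    ("system:serviceaccount:team-a:app", "get", "secrets", "kube-system"): False,
}


def fake_sar_backend(user, verb, resource, namespace):
    return FAKE_RBAC.get((user, verb, resource, namespace), False)


def outcome(fn, *args):
    """Run a host call and report 'denied' or its return value."""
    try:
        return fn(*args)
    except CapabilityDenied:
        return "denied"


def demonstrate():
    """Compare a namespaced policy with no grants against both dispatcher variants."""
    policy = Policy(name="ns-policy", namespaced=True)      # no context-aware grants
    query = (policy, "system:serviceaccount:team-a:app", "get", "secrets", "team-a")

    vulnerable = HostCallbackDispatcher(fake_sar_backend, patched=False)
    fixed = HostCallbackDispatcher(fake_sar_backend, patched=True)
    fixed_opt_in = HostCallbackDispatcher(fake_sar_backend, ["can_i"], patched=True)

    return {
        # get/list paths were always guarded: denied on every dispatcher
        "list_without_grant": outcome(vulnerable.list_resources_by_namespace,
                                      policy, "v1", "Secret", "team-a", []),
        # the gap: can_i answers although the policy holds no grant at all
        "can_i_vulnerable": outcome(vulnerable.can_i, *query),
        "sars_forwarded_vulnerable": len(vulnerable.forwarded_sars),
        # after the fix the namespaced policy is refused and nothing is forwarded
        "can_i_fixed": outcome(fixed.can_i, *query),
        "sars_forwarded_fixed": len(fixed.forwarded_sars),
        # an operator may still opt in explicitly at the PolicyServer level
        "can_i_fixed_opt_in": outcome(fixed_opt_in.can_i, *query),
    }


if __name__ == "__main__":
    for key, value in demonstrate().items():
        print(f"{key}: {value}")
```

The point to take from `demonstrate()` is the asymmetry: the same policy that is refused a namespaced list because it holds no grant is still answered by `can_i` on the unpatched dispatcher, and the forwarded-SAR counter shows that the fix blocks the request before anything reaches the API server.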
Platform: Kubewarden
Version: before 1.35
Vulnerability: can_i SAR bypass
Severity: Medium
Date: 2024-05-21
Prediction: Already patched v1.35
What Undercode Say:
Check if policy-server has excessive SAR permissions
kubectl auth can-i create subjectaccessreviews --as=system:serviceaccount:kubewarden:policy-server-default
List namespaced policies that might use can_i
kubectl get admissionpolicies -A -o json | jq '.items[] | select(.spec.module | contains("can_i"))'
Simulate malicious policy request (SAR)
cat <<EOF | kubectl create -f -
apiVersion: policies.kubewarden.io/v1
kind: AdmissionPolicy
metadata:
  name: can-i-exploit
spec:
  module: registry:///malicious-policy
  rules:
    - apiGroups: [""]
      apiVersions: ["v1"]
      resources: ["pods"]
      operations: ["CREATE"]
  hostCapabilities:
    - can_i
EOF
Exploit:
Attacker creates an AdmissionPolicy with `can_i` host capability. Policy calls can_i("user", "get", "secrets", "kube-system"). Policy-server forwards SAR with its own privileges, returning true/false for any user/SA across cluster. Attacker maps RBAC permissions without direct access.
Protection from this CVE
Upgrade to Kubewarden v1.35+. Set `PolicyServer.spec.namespacedPoliciesCapabilities: []` (empty list) to disable all host capabilities for namespaced policies. For default PolicyServer, set `.Values.policyServer.namespacedPoliciesCapabilities: []` in Helm. Or remove `create` permission on `subjectaccessreviews` from PolicyServer ServiceAccount RBAC. Alternatively, do not allow users to create namespaced policies.
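The two checks in the "What Undercode Say" section (does the policy-server service account hold `create` on `subjectaccessreviews`, and which PolicyServers still expose `can_i` to namespaced policies) and the hardening step above can be audited offline over saved `kubectl ... -o json` output. The script below is an added example, not Undercode's or Kubewarden's code. It assumes the standard JSON list shape that kubectl returns for PolicyServer, ClusterRole and ClusterRoleBinding objects; the field `spec.namespacedPoliciesCapabilities` and the service account `policy-server-default` in namespace `kubewarden` come from the text above, and every object below (including the ClusterRole names `policy-server-sar` and `policy-reader`) is constructed sample data:

```python
"""Offline audit for the CVE-2024-38370 mitigations listed above.

Added example, not Undercode's or Kubewarden's code. Works on the JSON that
`kubectl get policyservers -o json` and
`kubectl get clusterroles,clusterrolebindings -o json` return; all objects in
this file are constructed samples.
"""
import copy
import json

SAR_GROUP = "authorization.k8s.io"
SAR_RESOURCE = "subjectaccessreviews"


def policyserver_findings(policyserver_list):
    """Classify each PolicyServer by its namespacedPoliciesCapabilities setting."""
    findings = {}
    for ps in policyserver_list["items"]:
        name = ps["metadata"]["name"]
        caps = ps.get("spec", {}).get("namespacedPoliciesCapabilities")
        if caps is None:
            findings[name] = "not set explicitly"
        elif "can_i" in caps:
            findings[name] = "can_i enabled for namespaced policies"
        else:
            findings[name] = "hardened"
    return findings


def harden_policyserver(ps):
    """Copy of the object with all host capabilities for namespaced policies disabled."""
    hardened = copy.deepcopy(ps)
    hardened.setdefault("spec", {})["namespacedPoliciesCapabilities"] = []
    return hardened


def _rule_grants(rule, group, resource, verb):
    """True if an RBAC rule covers (group, resource, verb), honouring '*' wildcards."""
    def matches(values, wanted):
        return "*" in values or wanted in values
    return (matches(rule.get("apiGroups", []), group)
            and matches(rule.get("resources", []), resource)
            and matches(rule.get("verbs", []), verb))


def subjects_that_can_create_sars(clusterroles, clusterrolebindings):
    """Service accounts (as system:serviceaccount:<ns>:<name>) bound through a
    ClusterRoleBinding to a ClusterRole that allows creating SubjectAccessReviews."""
    granting_roles = {
        cr["metadata"]["name"]
        for cr in clusterroles["items"]
        if any(_rule_grants(r, SAR_GROUP, SAR_RESOURCE, "create") for r in cr.get("rules", []))
    }
    subjects = set()
    for crb in clusterrolebindings["items"]:
        ref = crb["roleRef"]
        if ref["kind"] != "ClusterRole" or ref["name"] not in granting_roles:
            continue
        for s in crb.get("subjects", []):
            if s["kind"] == "ServiceAccount":
                subjects.add(f"system:serviceaccount:{s['namespace']}:{s['name']}")
    return subjects


# Constructed sample data in the shape kubectl emits (a "List" with "items").
SAMPLE_POLICYSERVERS = json.loads("""{"items": [
  {"metadata": {"name": "default"},
   "spec": {"namespacedPoliciesCapabilities": ["can_i"]}},
  {"metadata": {"name": "hardened"},
   "spec": {"namespacedPoliciesCapabilities": []}}
]}""")

SAMPLE_CLUSTERROLES = json.loads("""{"items": [
  {"metadata": {"name": "policy-server-sar"},
   "rules": [{"apiGroups": ["authorization.k8s.io"],
              "resources": ["subjectaccessreviews"], "verbs": ["create"]}]},
  {"metadata": {"name": "policy-reader"},
   "rules": [{"apiGroups": ["policies.kubewarden.io"],
              "resources": ["admissionpolicies"], "verbs": ["get", "list", "watch"]}]}
]}""")

SAMPLE_CLUSTERROLEBINDINGS = json.loads("""{"items": [
  {"metadata": {"name": "policy-server-sar"},
   "roleRef": {"kind": "ClusterRole", "name": "policy-server-sar"},
   "subjects": [{"kind": "ServiceAccount", "name": "policy-server-default",
                 "namespace": "kubewarden"}]},
  {"metadata": {"name": "policy-reader"},
   "roleRef": {"kind": "ClusterRole", "name": "policy-reader"},
   "subjects": [{"kind": "ServiceAccount", "name": "audit-bot", "namespace": "kubewarden"}]}
]}""")


def audit(policyservers, clusterroles, clusterrolebindings):
    """Run all three checks and show the PolicyServer findings after hardening."""
    return {
        "policyservers": policyserver_findings(policyservers),
        "sar_creators": subjects_that_can_create_sars(clusterroles, clusterrolebindings),
        "after_hardening": policyserver_findings(
            {"items": [harden_policyserver(ps) for ps in policyservers["items"]]}),
    }


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_POLICYSERVERS, SAMPLE_CLUSTERROLES,
                           SAMPLE_CLUSTERROLEBINDINGS), default=sorted, indent=2))
```

To run it against a real cluster, replace the three sample objects with `json.load()` of the saved kubectl output; a PolicyServer reported as "not set explicitly" should be set to an empty list as described above rather than left to the chart default, and any service account listed under `sar_creators` other than the one the policy-server genuinely needs deserves a look at its ClusterRoleBinding.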
Impact
Information disclosure of RBAC permissions across cluster. Attacker learns which service accounts can access secrets, create pods, bind clusterroles, etc. Enables precise privilege escalation planning in multi-tenant Kubernetes clusters. No direct data exfiltration, but serious reconnaissance vulnerability.
Sources:
Reported By: github.com
Extra Source Hub:
Undercode