Attack Chain

1. An attacker crafts a malicious prompt designed to generate YAML code that includes malicious configurations (e.g., mounting host volumes, privileged containers).
2. The k8sGPT-Operator receives the prompt and uses its AI engine to generate a YAML manifest for a Kubernetes Deployment object.
3. The object_to_execution.go component deserializes the AI-generated YAML manifest directly into a Kubernetes Deployment object.
4. Due to the lack of validation, the malicious configurations within the YAML manifest are not detected.
5. The k8sGPT-Operator applies the modified Deployment object to the Kubernetes cluster via the Kubernetes API.
6. The Kubernetes scheduler creates pods based on the compromised Deployment object, potentially executing malicious code within the cluster.
7. The attacker gains control over the deployed pod, potentially escalating privileges to other resources within the cluster.

Impact

Successful exploitation of this vulnerability allows an attacker to inject arbitrary code into Kubernetes deployments, potentially leading to full cluster compromise. While the precise number of affected installations is unknown, any k8sGPT deployment prior to version 0.4.32 is susceptible. This could lead to data breaches, denial of service, or complete control over the Kubernetes environment. Organizations using k8sGPT for automated remediation should immediately upgrade to version 0.4.32 or later.

Recommendation

• Upgrade k8sGPT to version 0.4.32 or later to patch the vulnerability (reference: Affected versions).
• Implement additional validation of Deployment objects before applying them to the cluster to prevent malicious configurations (reference: Overview).
• Deploy the Sigma rule provided to detect attempts to create privileged containers or mount sensitive host paths (reference: Sigma rule).
• Monitor Kubernetes audit logs for suspicious activity related to Deployment object modifications (reference: Attack Chain).