Not SimonMicrosoft reports that financially motivated attackers are exploiting several OpenMetadata vulnerabilities to gain access to Kubernetes workloads for cryptomining activity. CVE-2024-28255, CVE-2024-28847, CVE-2024-28253, CVE-2024-28848, CVE-2024-28254 could be exploited by attackers to bypass authentication and achieve remote code execution. "Since the beginning of April, we have observed exploitation of this vulnerability in Kubernetes environments." Microsoft describes the attack flow and provides IOC 🔗 https://www.microsoft.com/en-us/security/blog/2024/04/17/attackers-exploiting-new-critical-openmetadata-vulnerabilities-on-kubernetes-clusters/
#threatintel #eitw #OpenMetadata #activeexploitation #CVE_2024_28255 #CVE_2024_28847 #CVE_2024_28253 #CVE_2024_28848 #CVE_2024_28254 #IOC
Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters | Microsoft Security Blog
Microsoft recently uncovered an attack that exploits new critical vulnerabilities in OpenMetadata to gain access to Kubernetes workloads and leverage them for cryptomining activity.