This repository was archived by the owner on Mar 5, 2024. It is now read-only.
Security issue: nodes can receive IAM credentials for other nodes' pods #521
Open
Description
Have discovered and created an exploit for an authorization issue in Kiam.
Kiam-server allows every node's kiam-agent to request and receive tokens for the AWS roles in use on other nodes. This is due to the lack of a policy in policy.go to check whether the kiam-agent's request is for a pod running on that kiam-agent's node.
This may be the issue that @iangcarroll is discussing in [Kiam Issue 516](https://github.com/uswitch/kiam/issues/516).
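
The missing check described in this issue, sketched as an added example (not Kiam's code and not written by the issue author): a deny-by-default policy that releases a role only when the requested pod IP belongs to a pod scheduled on the requesting agent's node. The names `Pod`, `NodeBoundPolicy` and `Authorize` are hypothetical, the pod data is constructed, and the agent's node name is assumed to come from an authenticated identity such as a per-node client certificate.

```go
package main

import (
	"errors"
	"fmt"
)

// Pod is a hypothetical record of what the server's pod cache knows.
type Pod struct{ IP, Node, Role string }

var (
	ErrUnknownPod = errors.New("no pod with that IP")
	ErrWrongNode  = errors.New("pod is not scheduled on the requesting agent's node")
	ErrWrongRole  = errors.New("pod is not annotated with the requested role")
)

// NodeBoundPolicy (hypothetical name) indexes known pods by IP address.
type NodeBoundPolicy struct{ byIP map[string]Pod }

func NewNodeBoundPolicy(pods []Pod) *NodeBoundPolicy {
	p := &NodeBoundPolicy{byIP: make(map[string]Pod, len(pods))}
	for _, pod := range pods {
		p.byIP[pod.IP] = pod
	}
	return p
}

// Authorize denies by default. agentNode is assumed to be taken from the
// agent's authenticated identity, never from a field the agent fills in.
func (p *NodeBoundPolicy) Authorize(agentNode, podIP, role string) error {
	pod, ok := p.byIP[podIP]
	switch {
	case !ok:
		return ErrUnknownPod
	case agentNode == "" || pod.Node != agentNode:
		return ErrWrongNode
	case pod.Role != role:
		return ErrWrongRole
	}
	return nil
}

func main() {
	// Constructed sample inventory: one pod on each of two nodes.
	p := NewNodeBoundPolicy([]Pod{{"10.0.1.5", "node-a", "app-reader"}, {"10.0.2.9", "node-b", "billing-writer"}})
	fmt.Println(p.Authorize("node-a", "10.0.1.5", "app-reader"))     // allowed: own pod
	fmt.Println(p.Authorize("node-a", "10.0.2.9", "billing-writer")) // denied: pod is on node-b
}
```
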