Attackers exploit new critical vulnerabilities in OpenMetadata

Microsoft recently warned about a sophisticated attack targeting Kubernetes environments by exploiting critical vulnerabilities in OpenMetadata - an open-source platform designed to manage metadata across various data sources.

In a blog post, the Microsoft Threat Intelligence team said that attackers could exploit the vulnerabilities (CVE-2024-28255, CVE-2024-28847, CVE-2024-28253, CVE-2024-28848, CVE-2024-28254) to bypass authentication and achieve remote code execution.

The exploitation of these vulnerabilities in Kubernetes environments has been observed since early April 2024 for facilitating cryptomining operations.

Microsoft recommends checking clusters that run OpenMetadata workloads and ensuring that any OpenMetadata workloads running on Kubernetes clusters are updated to version 1.3.1 or later to mitigate these vulnerabilities. Additionally, if OpenMetadata is exposed to the internet, it is crucial to use strong authentication measures and avoid default credentials to enhance security.

Additionally, Microsoft has shared indicators of compromise that defenders can use for hunting and investigation.

"This attack serves as a valuable reminder of why it's crucial to stay compliant and run fully patched workloads in containerized environments. It also highlights the importance of a comprehensive security solution, as it can help detect malicious activity in the cluster when a new vulnerability is used in the attack," Microsoft said.