Microsoft Azure Data Factory's assimilation of Apache Airflow was discovered to be impacted by a trio of low-severity vulnerabilities — including a Kubernetes RBAC misconfiguration within the Airflow cluster, a secret management misconfiguration in Azure's Geneva service, and improper Geneva authentication — which could be leveraged to facilitate malware distribution, data theft, and other malicious activities, according to The Hacker News.
After facilitating initial access through the creation and uploading of a directed acrylic graph file to GitHub that enabled reverse shell deployment, threat actors could proceed to exploit the Kubernetes misconfiguration to achieve cluster takeovers, a report from Palo Alto Networks Unit 42 researchers showed. Host virtual machines could also have their root access targeted to further compromise Geneva and other internal resources managed by Azure, researchers noted. "This issue highlights the importance of carefully managing service permissions to prevent unauthorized access. It also highlights the importance of monitoring the operations of critical third-party services to prevent such access," said researchers.
