Researchers Disclose Supply-Chain Flaw Affecting IBM Cloud Databases for PostgreSQL

Dec 02, 2022 | Ravie Lakshmanan | Kubernetes / Cloud Security


IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could potentially have been exploited to tamper with internal repositories and run unauthorized code.

The privilege escalation flaw (CVSS score: 8.8), dubbed "Hell's Keychain" by cloud security firm Wiz, has been described as a "first-of-its-kind supply-chain attack vector impacting a cloud provider's infrastructure."

Successful exploitation of the bug could enable a malicious actor to remotely execute code in customers' environments and even read or modify data stored in the PostgreSQL database.

"The vulnerability consists of a chain of three exposed secrets (Kubernetes service account token, private container registry password, CI/CD server credentials) coupled with overly permissive network access to internal build servers," Wiz researchers Ronen Shustin and Shir Tamari said.

Hell's Keychain begins with an SQL injection flaw in ICD that grants an attacker superuser (aka "ibm") privileges, which are then used to execute arbitrary commands on the underlying virtual machine hosting the database instance.

This capability is weaponized to access a Kubernetes API token file, allowing for broader post-exploitation efforts that involve pulling container images from IBM's private container registry, which stores images related to ICD for PostgreSQL, and scanning those images for additional secrets.


"Container images typically hold proprietary source code and binary artifacts that are the company's intellectual property," the researchers explained. "They can also contain information that an attacker could leverage to find more vulnerabilities and perform lateral movement within the service's internal environment."

Wiz said it was able to extract internal artifact repository and FTP credentials from the image manifest files, effectively permitting unfettered read-write access to trusted repositories and IBM build servers.

An attack of this kind could have severe ramifications, as it permits the adversary to overwrite arbitrary files used in the build process of the PostgreSQL image, which would then be installed on every database instance.




The American technology giant, in an independent advisory, said that all IBM Cloud Databases for PostgreSQL instances were potentially impacted by the bug, but noted that it found no evidence of malicious activity.

It further stated that the fixes were automatically applied to customer instances and that no further action is required. The mitigations were rolled out on August 22 and September 3, 2022.

"These vulnerabilities could have been exploited by a malicious actor as part of an extensive exploit chain culminating in a supply-chain attack on the platform," the researchers said.

To mitigate such threats, it's recommended that organizations monitor their cloud environments for scattered credentials, implement network controls to prevent access to production servers from less trusted segments, and safeguard against container registry scraping.
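The image-scanning step of the chain described above (pull images from the private registry, then look through their config and layers for further secrets) is the same check a defender should run against their own registry before an attacker does, which is the "scattered credentials" mitigation in practice. The following is an added example, not Wiz's tooling or IBM's code. It assumes the Docker v2 image layout (one config JSON plus one tar per layer, as produced by `docker save`); the sample image, file paths, environment variables and credential strings in `build_demo_image()` are all constructed for this demo, and the regular expressions are generic shapes for the secret types the article names rather than the formats actually found in ICD images.

```python
"""Scan a container image's config and layer tarballs for embedded secrets.

Added example, not Wiz's tooling or IBM's code. Assumes the Docker v2
image layout (a config JSON plus one tar per layer); the sample image
built by build_demo_image() is entirely constructed for this demo.
"""
import io
import json
import re
import tarfile
from collections import Counter

# Generic shapes of the secret types the article names (SA token, registry
# password, CI/CD and FTP credentials). Real formats in ICD images are not public.
PATTERNS = {
    "jwt_token": re.compile(
        r"\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}"),
    "password_assignment": re.compile(
        r"(?i)(passw(?:or)?d|secret|token)\s*[=:]\s*['\"]?([^\s'\"]{6,})"),
    "ftp_url_with_creds": re.compile(r"\bftp://[^/\s:@]+:[^/\s@]+@"),
}

# Paths that are secrets by definition, whatever their content.
SENSITIVE_PATHS = (
    "var/run/secrets/kubernetes.io/serviceaccount/token",
    ".docker/config.json",
    ".netrc",
)


def scan_text(text, where):
    """Run every pattern over one string; record only a truncated match."""
    return [{"kind": kind, "where": where, "match": m.group(0)[:40]}
            for kind, rx in PATTERNS.items() for m in rx.finditer(text)]


def scan_config(config_json):
    """ENV and build history are where ARG/RUN lines leak credentials."""
    cfg = json.loads(config_json)
    findings = []
    for env in cfg.get("config", {}).get("Env", []):
        findings += scan_text(env, "config.Env")
    for i, step in enumerate(cfg.get("history", [])):
        findings += scan_text(step.get("created_by", ""), f"history[{i}]")
    return findings


def scan_layer(layer_tar):
    """Walk one layer tarball: flag sensitive paths, grep readable text files."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(layer_tar), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            path = re.sub(r"^(\./|/)+", "", member.name)
            if any(path == p or path.endswith("/" + p) for p in SENSITIVE_PATHS):
                findings.append({"kind": "sensitive_path", "where": path, "match": ""})
            if member.size > 1_000_000:
                continue  # large binaries: a production scanner would stream these
            try:
                text = tar.extractfile(member).read().decode("utf-8")
            except UnicodeDecodeError:
                continue  # not text, skip
            findings += scan_text(text, path)
    return findings


def scan_image(config_json, layers):
    findings = scan_config(config_json)
    for layer in layers:
        findings += scan_layer(layer)
    return findings


def summarize(findings):
    return dict(Counter(f["kind"] for f in findings))


def _tar_bytes(files):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_demo_image():
    """Constructed sample image: every value below is fake demo data."""
    config = json.dumps({
        "config": {"Env": ["PATH=/usr/bin", "REGISTRY_PASSWORD=hunter2-demo-only"]},
        "history": [
            {"created_by": "/bin/sh -c #(nop) ADD file:abc in /"},
            {"created_by": "/bin/sh -c curl ftp://builder:DemoBuildPass@build.internal.example/a.tgz -o /tmp/a.tgz"},
        ],
    })
    jwt = ("eyJhbGciOiJSUzI1NiIsImtpZCI6ImRlbW8ifQ."
           "eyJzdWIiOiJkZW1vLXNhIiwiaXNzIjoiZGVtbyJ9."
           "c2lnbmF0dXJlLWRlbW8tbm90LXJlYWw")
    layer = _tar_bytes({
        "./var/run/secrets/kubernetes.io/serviceaccount/token": jwt.encode(),
        "./etc/app/ci.ini": b"[ci]\nurl = https://ci.internal.example\ntoken = ci-demo-abcdef\n",
        "./usr/bin/app": b"\x7fELF\x80\x81\x82",  # binary: skipped by the decoder
    })
    return config, [layer]


if __name__ == "__main__":
    cfg, layers = build_demo_image()
    for f in scan_image(cfg, layers):
        print(f"{f['kind']:20} {f['where']}: {f['match']}")
    print(summarize(scan_image(cfg, layers)))
```

On the demo image the scanner reports the registry password from `Env`, the FTP credential embedded in a `RUN` line of the build history, the mounted service account token (both by path and by its JWT shape) and a CI token in a config file, while skipping the non-UTF-8 binary. Run against a `docker save` export, the same functions take the `config` file and each `layer.tar`; the point is that build history and environment metadata leak as readily as files on disk, so a scan that only greps layer contents misses two of the three locations shown here.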
