Impact
What kind of vulnerability is it? Who is impacted?
This vulnerability allows attackers to crash Falco by sending an HTTP request with malformed data. As a precondition, attackers need to have access to the webserver's port exposed by Falco.
Example:
curl http://127.0.0.1:8765/k8s-audit --data '{"kind":0}' -H "Content-Type: application/json"
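As an added example, not Falco's own code and not from the advisory, the following Python request handler validates a Kubernetes audit webhook body before using it, so a payload like the `{"kind":0}` one above is answered with HTTP 400 instead of raising inside the parser and taking the process down; the accepted kinds `Event` and `EventList`, the sample payloads and the handler names are assumptions.

```python
import json

# Constructed sample bodies; only the '{"kind":0}' one comes from the advisory.
WELL_FORMED = ('{"kind":"EventList","apiVersion":"audit.k8s.io/v1",'
               '"items":[{"kind":"Event","verb":"get"}]}')
MALFORMED_KIND = '{"kind":0}'   # the advisory's crash trigger: kind is not a string
NOT_JSON = '{"kind":'           # truncated body
NOT_OBJECT = '[1,2,3]'          # valid JSON, wrong top-level type

# Assumed set of kinds an audit webhook receiver expects.
ACCEPTED_KINDS = {"Event", "EventList"}


def audit_event_items(body: str):
    """Parse an audit webhook body into a list of event dicts.

    Returns (items, error). Every malformed input yields an error string
    rather than an exception, so the caller can reject the request and
    keep serving the next one. Hypothetical parser, not Falco's.
    """
    try:
        doc = json.loads(body)
    except ValueError as exc:          # JSONDecodeError is a ValueError
        return None, f"invalid JSON: {exc}"
    if not isinstance(doc, dict):
        return None, "top-level value is not an object"
    kind = doc.get("kind")
    # Type check before use: a parser that assumes a string here and
    # calls string operations on 0 raises, which is the failure mode
    # the advisory describes.
    if not isinstance(kind, str):
        return None, f"'kind' must be a string, got {type(kind).__name__}"
    if kind not in ACCEPTED_KINDS:
        return None, f"unsupported kind {kind!r}"
    if kind == "Event":
        return [doc], None
    items = doc.get("items")
    if not isinstance(items, list) or not all(isinstance(i, dict) for i in items):
        return None, "'items' must be a list of objects"
    return items, None


def handle_request(body: str) -> int:
    """HTTP status a hardened /k8s-audit handler answers with (hypothetical)."""
    items, err = audit_event_items(body)
    return 400 if err else 200
```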
Patches
Has the problem been patched? What versions should users upgrade to?
The problem has been addressed by #759 on Aug 16, 2019.
Users should upgrade to version 0.18.0 or later.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
Users who don't need to detect Kubernetes Audit Events can disable the embedded web server from the Falco configuration.
However, a version upgrade to 0.18.0 or later is strongly recommended.
References
Are there any links users can visit to find out more?
This vulnerability was initially reported in this security audit and it's identified by the ID FAL-01-003.
For more information
If you have any questions or comments about this advisory: