critical

Hell's Keychain

Published Thu, Dec 1st, 2022
Platforms

Summary

IBM Cloud Databases for PostgreSQL was vulnerable to an attack chain that combined PostgreSQL privilege escalation via SQL injection with three secrets scattered across the service environment (a K8s service account token, a private container registry password, and CI/CD server credentials). These secrets were abusable because network access to internal build servers was overly permissive. A malicious actor could have exploited this vulnerability to remotely execute code in other customers' environments in order to read and modify data stored in their PostgreSQL databases.

Affected Services

IBM Cloud Databases

Remediation

None required.

Tracked CVEs

No tracked CVEs

References

Entry Status
Finalized
Disclosure Date
Thu, Aug 25th, 2022
Exploitability Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
-
Discovered by
Ronen Shustin, Shir Tamari, Wiz