Source: security@huntr.dev
A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at `feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py`. The vulnerability arises from the use of `yaml.load(..., Loader=yaml.Loader)` to deserialize `/var/feast/feature_store.yaml` and `/var/feast/materialization_config.yaml`. This method allows for the instantiation of arbitrary Python objects, enabling an attacker with the ability to modify these YAML files to execute OS commands on the worker pod. This vulnerability can be exploited before the configuration is validated, potentially leading to cluster takeover, data poisoning, and supply-chain sabotage.
Feast version 0.53.0 is vulnerable to a critical remote code execution (RCE) flaw, allowing attackers to execute arbitrary commands on the Kubernetes worker pods. Exploiting this vulnerability, attackers can achieve cluster takeover, compromise data integrity, and potentially disrupt the supply chain. This is due to insecure deserialization of YAML configuration files.
Step 1: Payload Delivery: The attacker crafts a malicious YAML file, feature_store.yaml or materialization_config.yaml, containing Python code designed to execute OS commands. This YAML file is specifically crafted to leverage the yaml.load function's ability to instantiate arbitrary Python objects.
Step 2: File Upload/Modification: The attacker uploads or modifies the crafted YAML file to a location accessible to the Feast Kubernetes materializer job, typically /var/feast/.
Step 3: Configuration Loading: The Feast materializer job, running within a Kubernetes pod, loads and deserializes the malicious YAML file using yaml.load(..., Loader=yaml.Loader).
Step 4: Code Execution: During deserialization, the Python code embedded within the YAML file is executed, leading to the execution of attacker-specified OS commands on the worker pod. This could involve creating reverse shells, downloading malware, or modifying data.
Step 5: Privilege Escalation (Potential): Depending on the permissions of the worker pod, the attacker may be able to escalate privileges within the Kubernetes cluster, potentially leading to a complete cluster takeover.
The vulnerability stems from the insecure use of yaml.load(..., Loader=yaml.Loader) in feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py to parse feature_store.yaml and materialization_config.yaml. This function, without proper input validation, allows for the instantiation of arbitrary Python objects during YAML deserialization. An attacker can craft a malicious YAML file containing Python code that executes OS commands, such as os.system() or subprocess.run(). The lack of input sanitization and validation before the configuration is loaded allows for the execution of this malicious code. The root cause is the unsafe deserialization of user-controlled YAML data, leading to code injection and ultimately, remote code execution. The use of yaml.Loader is inherently insecure when handling untrusted input.
While no specific APTs are directly linked in this limited information, the nature of the vulnerability (RCE) makes it attractive to various threat actors. Attackers could be motivated by data theft, cryptomining, or disruption. The potential for supply-chain compromise is significant. This vulnerability, if exploited, could lead to a CISA KEV entry.
Monitor file access and modification events within the /var/feast/ directory for unexpected changes to feature_store.yaml and materialization_config.yaml.
Analyze network traffic for unusual outbound connections from the Kubernetes worker pods, especially to suspicious IP addresses or domains.
Inspect container logs for suspicious command executions or error messages related to YAML parsing or object instantiation.
Implement file integrity monitoring (FIM) to detect unauthorized modifications to critical configuration files.
Monitor for the creation of new processes or the modification of existing ones within the worker pods.
Upgrade to a patched version of Feast that addresses the vulnerability. This is the primary and most effective remediation.
Implement input validation and sanitization of the YAML configuration files before deserialization. This could involve using a safer YAML parsing library or validating the content against a predefined schema.
Restrict the permissions of the Feast materializer job to the minimum necessary. This limits the potential impact of a successful exploit.
Use a more secure YAML loading method, such as yaml.safe_load(), which prevents the instantiation of arbitrary Python objects.
Implement a Web Application Firewall (WAF) or Intrusion Detection System (IDS) to detect and block malicious requests attempting to exploit the vulnerability.
Regularly scan container images for vulnerabilities and apply security patches promptly.
Enforce least privilege principles within the Kubernetes cluster to limit the blast radius of a compromised pod.