Back to Research
Platform Exploits

Account Hijacking and Internal Network Attacks in Kubeflow

Eresus Security Research TeamSecurity Researcher
September 14, 2024
1 min read

Overview

Kubeflow often runs high-privilege notebooks. An unauthenticated API bypass or Server-Side Request Forgery (SSRF) present in MLflow / Kubeflow can give attackers full access to the underlying Kubernetes nodes and cloud metadata service (IMDS).

Remediation

Implement strict OIDC authentication for Kubeflow. Block container access to cloud IMDS endpoints via NetworkPolicies.