CVE-2022-36103

Name of the Vulnerable Software and Affected Versions Talos versions prior to 1.2.2

Description The issue is related to improper validation of the request while signing a worker node CSR, which might allow a Talos control plane node to issue a Talos API certificate with full access to the Talos API. This could reveal sensitive information and allow full-level access to the cluster. The Talos API join token is stored in the machine configuration on the worker node. Misconfigurations, such as allowing hostPath mounts or reading machine configuration from a cloud metadata server, may enable a workload to access the machine configuration and reveal the join token.

Recommendations For versions prior to 1.2.2, update to Talos 1.2.2 to fix the issue. As a temporary workaround, consider enabling the Pod Security Standards to deny hostPath mounts and host networking by default in the baseline policy. Restrict access to the machine configuration and secure access to the cloud metadata server to minimize the risk of exploitation.