Ensure that active Azure Service Fabric clusters are not using the CVE-2022-30137 vulnerable cluster version (8.2.1124.1)

MEDIUM

Description

CVE-2022-30137 enables a bad actor with access to a compromised container to escalate privileges and gain control of the resource's host Service Fabric (SF) node and, from there, the entire cluster.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Service Fabric clusters.
  2. Select the cluster you wish to edit.
  3. Under Settings, select Fabric upgrades.
  4. Either set the Fabric upgrade mode to Automatic or select the appropriate Fabric version from the drop-down.
  5. Select Save.

In Terraform -

  1. In the azurerm_service_fabric_cluster resource, either set the upgrade_mode field to Automatic or set the cluster_code_version field to the appropriate version.
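The check this rule performs can also be run locally against `terraform show -json` output before apply. The script below is an added example, not the policy engine's own code: it walks the plan's module tree and flags any azurerm_service_fabric_cluster that is pinned (upgrade_mode = Manual) to the version named in this rule; the embedded plan is a constructed sample showing the weak configuration beside the remediated one.

```python
"""Flag Service Fabric clusters pinned to the CVE-2022-30137 cluster version
in a Terraform plan rendered with `terraform show -json tfplan`."""
import json

VULNERABLE_VERSION = "8.2.1124.1"  # version named in rule AC_AZURE_0209
RESOURCE_TYPE = "azurerm_service_fabric_cluster"


def iter_resources(module):
    """Yield every resource in a plan module tree, including child modules."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def is_vulnerable(values):
    """Pinned to the vulnerable version only matters in Manual upgrade mode;
    Automatic mode lets Azure roll the fixed version out."""
    return (values.get("upgrade_mode") == "Manual"
            and values.get("cluster_code_version") == VULNERABLE_VERSION)


def find_vulnerable_clusters(plan_json):
    """Return the addresses of clusters that violate the rule."""
    plan = json.loads(plan_json)
    root = plan.get("planned_values", {}).get("root_module", {})
    return [res["address"] for res in iter_resources(root)
            if res.get("type") == RESOURCE_TYPE
            and is_vulnerable(res.get("values", {}))]


# Constructed sample plan: one cluster still pinned to the vulnerable version,
# one remediated by switching upgrade_mode to Automatic.
SAMPLE_PLAN = json.dumps({"planned_values": {"root_module": {"resources": [
    {"address": "azurerm_service_fabric_cluster.pinned",
     "type": RESOURCE_TYPE,
     "values": {"upgrade_mode": "Manual",
                "cluster_code_version": "8.2.1124.1"}},
    {"address": "azurerm_service_fabric_cluster.auto",
     "type": RESOURCE_TYPE,
     "values": {"upgrade_mode": "Automatic"}},
]}}})

if __name__ == "__main__":
    for addr in find_vulnerable_clusters(SAMPLE_PLAN):
        print(f"AC_AZURE_0209: {addr} pins vulnerable cluster version")
```

Pipe a real plan in with `terraform show -json tfplan` and pass the text to `find_vulnerable_clusters` to gate the apply step.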

References:
https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-upgrade
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/service_fabric_cluster

Policy Details

Rule Reference ID: AC_AZURE_0209
CSP: Azure
Remediation Available: Yes
Resource Category: Compute
Resource Type: Service Fabric Cluster

Frameworks