cortexproject / cortex

A horizontally scalable, highly available, multi-tenant, long term Prometheus.

Home Page:https://cortexmetrics.io/


[Security Self Assessment] Cortex

heydc7 opened this issue · comments

Security Self Assessment of Cortex

We are a group of 4 students from New York University who completed a security assessment of the Cortex project.

We wanted to connect with the maintainers of Cortex (@alanprot @alvinlin123 @yeya24 @friedrichg) to have some discussions about our self-assessment and receive feedback/suggestions on where we can improve any missing information or vulnerabilities.

Thanks.

Languages: Go

It's basically a Go binary; the rest you see is only the docs at cortexmetrics.io.

SBOM

No, I don't think committing the SBOM to the assessment is the right way. I inspected the SBOM and it has all the references to Go library versions. Maybe we need another Cortex issue to add support for SBOM. In the meantime I believe you can just link the go.mod.

Cortex is mostly a Kubernetes service, so most of your proposed threats don't really apply to us.

Threat:
Unauthorized access to Cortex components or data.

Out of scope for Cortex. Network policies in Kubernetes can be configured so that only the right components have access to each component. Maybe an issue should be created in the Helm chart to allow this more easily.

Threat:
Unauthorized modification of data or configuration settings.

Out of scope for Cortex; Kubernetes containers are not able to change their configuration files (ConfigMaps).

Threat:
Denying the occurrence of certain actions or events within Cortex.

Out of scope for Cortex. There are a number of ways to gather secure logs for Kubernetes and preserve logs.

Threat:
Unauthorized access to sensitive information within Cortex.

Out of scope for Cortex again. Using network policies in Kubernetes, this becomes a non-issue.

Denial of Service (DoS):
Threat:
Disrupting or degrading the availability of Cortex services.

A properly configured Cortex will not suffer any downtime during DoS attacks. There are plenty of options to configure, like rate limiting and limiting series per tenant.

Threat:
Unauthorized escalation of user privileges within Cortex.

There is no super user or admin user in Cortex, so this concept doesn't apply.

And we do have some security threats around Alertmanager that you haven't mentioned, which we have already mitigated too.
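The two Kubernetes-side mitigations the maintainer points to above (network policies restricting which components can reach which, and ConfigMaps that running containers cannot modify), as an added example written for this page; it is not code from the Cortex project or from anyone in this thread. The namespace `cortex`, the `app.kubernetes.io/*` labels, the `monitoring` namespace and the ports (gRPC 9095, HTTP 8080, memberlist 7946) are assumptions to adjust for your deployment.

```yaml
# Added example (not from the Cortex project or this thread).
# Assumptions: Cortex runs in namespace "cortex"; pods carry the labels
# app.kubernetes.io/name=cortex and app.kubernetes.io/component=<role>;
# gRPC listens on 9095, HTTP/metrics on 8080, memberlist gossip on 7946.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ingester-ingress
  namespace: cortex
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: cortex
      app.kubernetes.io/component: ingester
  policyTypes: ["Ingress"]
  ingress:
    # Only the components that legitimately talk to ingesters may reach gRPC.
    - from:
        - podSelector:
            matchExpressions:
              - key: app.kubernetes.io/component
                operator: In
                values: ["distributor", "querier", "ruler"]
      ports:
        - { protocol: TCP, port: 9095 }
    # Gossip ring membership between Cortex pods in the same namespace.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: cortex
      ports:
        - { protocol: TCP, port: 7946 }
        - { protocol: UDP, port: 7946 }
    # Metrics scraping from the monitoring namespace only.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: monitoring
      ports:
        - { protocol: TCP, port: 8080 }
---
# Default-deny for every pod in the namespace: a pod without an explicit
# allow rule (for example a compromised sidecar or a stray debug pod)
# cannot reach any Cortex component. Per-component allow policies such as
# the one above are layered on top of this.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: cortex
spec:
  podSelector: {}
  policyTypes: ["Ingress"]
---
# Immutable ConfigMap: once `immutable: true` is set, the API server
# rejects any change to `data`, so even a principal holding ConfigMap
# update rights cannot silently alter the running configuration. The
# only path is a new ConfigMap (new name) plus a rollout of the pods,
# which leaves an audit trail. The content below is a placeholder.
apiVersion: v1
kind: ConfigMap
metadata:
  name: cortex-config-v1
  namespace: cortex
immutable: true
data:
  cortex.yaml: |
    target: all
    auth_enabled: true
```

Two caveats worth checking before relying on this: NetworkPolicy objects are only enforced by a CNI plugin that implements them (the API server accepts them regardless), so verify enforcement with a test pod rather than trusting the manifest; and an ingress-only default-deny says nothing about egress, so a compromised component can still reach external hosts unless an egress policy is added.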

Hi, thank you for your feedback.

We have updated the self-assessment.

  • Generated SBOM using cyclonedx-gomod
  • Updated Threat Model
  • Added previously known vulnerabilities in the Appendix section
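The maintainer's DoS answer earlier in the thread relies on rate limiting and per-tenant series limits. As an added example for this page (not configuration from the Cortex project or from anyone in this thread), here is what such a configuration looks like: a base `limits` block, a separately reloadable runtime-config file with per-tenant overrides, and per-process `instance_limits` as a backstop. The field names follow Cortex's documented `limits`, `runtime_config` and `instance_limits` blocks; the numeric values and the tenant IDs are illustrative assumptions and must be sized for your cluster, and the file path is assumed.

```yaml
# Added example (not from the Cortex project or this thread). Values are
# illustrative; check the config reference for your Cortex version.
#
# ---- cortex.yaml (fragment) ----
auth_enabled: true          # every request must carry X-Scope-OrgID;
                            # all limits below are keyed on that tenant ID
limits:
  # Ingestion: samples per second per tenant, counted across all
  # distributors ("global" strategy), with a burst allowance.
  ingestion_rate: 50000
  ingestion_rate_strategy: global
  ingestion_burst_size: 100000
  # Cardinality: cap active series per tenant and per metric name across
  # the whole ingester ring, so one tenant cannot exhaust ingester memory.
  max_global_series_per_user: 1000000
  max_global_series_per_metric: 100000
  max_label_names_per_series: 30
  # Query side: bound the work a single query can fan out to.
  max_samples_per_query: 50000000
  max_fetched_series_per_query: 100000
  max_fetched_chunks_per_query: 2000000
  max_query_parallelism: 14
  max_query_length: 744h       # 31 days
runtime_config:
  # Reloaded periodically without a restart, so a noisy tenant can be
  # throttled while the incident is still in progress.
  file: /etc/cortex/runtime.yaml   # assumed path
distributor:
  instance_limits:
    # Per-process backstops that apply regardless of how many tenants
    # are pushing; they protect the component itself.
    max_ingestion_rate: 200000
    max_inflight_push_requests: 2000
ingester:
  instance_limits:
    max_series: 3000000
    max_tenants: 500
    max_inflight_push_requests: 2000
---
# ---- /etc/cortex/runtime.yaml ----
# Per-tenant overrides; anything not listed inherits the defaults above.
overrides:
  tenant-a:               # a trusted tenant that needs more headroom
    ingestion_rate: 200000
    ingestion_burst_size: 400000
    max_global_series_per_user: 5000000
  tenant-noisy:           # throttle a tenant that is flooding the cluster
    ingestion_rate: 1000
    ingestion_burst_size: 2000
    max_global_series_per_user: 50000
```

The split matters operationally: tenant limits in the main config need a rollout to change, while the runtime-config file is re-read on an interval, which is the mechanism you want during an incident. The `instance_limits` blocks are the part the per-tenant limits do not cover: the sum of many tenants' allowances can still exceed what a single ingester or distributor can absorb, and a process-level cap makes the component shed load instead of crashing.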