Microsoft Alerts That Default Helm Charts May Expose Kubernetes Apps to Data Leaks

Microsoft’s cybersecurity research team has issued a stark warning about the risks of using default Helm charts and Kubernetes deployment templates, revealing that popular cloud-native applications like Apache Pinot, Meshery, and Selenium Grid are being deployed with critical security gaps.

These misconfigurations-often prioritizing convenience over protection-allow attackers to hijack databases, execute arbitrary code, and gain administrative control over clusters.

Apache Pinot, a real-time analytics database used for low-latency queries on large datasets, exemplifies the dangers of “default-by-convenience” configurations.

Microsoft’s Defender for Cloud team found that the official Helm chart exposes Pinot’s broker and controller services via Kubernetes LoadBalancer services without authentication.

This allows unrestricted access to Port 9000, where attackers can query sensitive datasets or manipulate cluster configurations through Pinot’s dashboard.

Recent incidents analyzed by Microsoft revealed attackers exploiting these gaps to exfiltrate data from organizations using Pinot.

Despite documentation noting the setup is a “reference ...