Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation


Cybersecurity researchers have uncovered three vulnerabilities in Microsoft's Azure Data Factory Apache Airflow integration that could allow attackers to gain persistent access to the Azure Kubernetes Service (AKS) cluster, enabling data exfiltration and malware deployment. Exploits involve misconfigured Kubernetes RBAC, weak authentication, and flawed secret handling in Azure's Geneva service, potentially allowing attackers to tamper with logs or create malicious pods. Attackers can escalate privileges using compromised credentials or misconfigurations to take full control of the cluster and infiltrate Azure-managed resources. This highlights the critical need for stringent service permissions and monitoring to prevent unauthorized access.


