漏洞描述
Kubernetes(K8s)是云原生计算基金会(Cloud Native Computing Foundation)的一个开源系统,用于自动部署、扩展和管理容器化应用程序。 Kubernetes secrets-store-csi-driver 1.3.3之前版本存在安全漏洞,该漏洞源于会在日志中公开服务帐户令牌。
Kubernetes 日志信息泄露漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2019-11253: Kubernetes API Server - YAML Parsing DoS (Billion Laughs)
- POC CVE-2018-18264: Kubernetes Dashboard <1.10.1 - Authentication Bypass
- POC kubernetes-dashboard-enabled: Kubernetes Dashboard for ACK Clusters - Enabled
- POC eks-cluster-logging: Kubernetes Cluster Logging
- POC eks-kubernetes-secrets-encryption: EKS Kubernetes Secrets not Encrypted
- POC eks-logging-kubes-api-calls: Enable CloudTrail Logging for Kubernetes API Calls
- POC azure-aks-api-version-not-latest: Azure AKS Kubernetes API Version Not Latest
- POC azure-aks-kubernetes-version-outdated: Azure AKS Kubernetes Version Not Latest
- POC kubernetes-metrics: Detect Kubernetes Exposed Metrics
- POC kubernetes-unauth: kubernetes Unauth
- POC k8s-privileged-containers: Privileged Containers Found in Deployments
- POC kubernetes-exposing-docker-socket-hostpath: Kubernetes Exposing Host's Docker Socket
- POC k8s-missing-network-policies: Check for Missing Network Policies in Kubernetes