azure-aks-kubernetes-version-outdated: Azure AKS Kubernetes Version Not Latest

日期: 2025-08-01 | 影响软件: Azure AKS Kubernetes Version Outdated | POC: 已公开

漏洞描述

Ensure that your Azure Kubernetes Service (AKS) clusters are using the latest available version of Kubernetes platform in order to receive new or enhanced features and the most recent security fixes. The Kubernetes version upgrade becomes fully available only after it is approved by Microsoft Azure.

PoC代码[已公开]

id: azure-aks-kubernetes-version-outdated
info:
  name: Azure AKS Kubernetes Version Not Latest
  author: princechaddha
  severity: low
  description: |
    Ensure that your Azure Kubernetes Service (AKS) clusters are using the latest available version of Kubernetes platform in order to receive new or enhanced features and the most recent security fixes. The Kubernetes version upgrade becomes fully available only after it is approved by Microsoft Azure.
  impact: |
    Using an outdated version of Kubernetes can prevent you from obtaining the latest features and security patches, potentially exposing your AKS clusters to vulnerabilities.
  remediation: |
    Upgrade your AKS clusters to the latest available Kubernetes version approved by Microsoft Azure to ensure enhanced features and security.
  reference:
    - https://docs.microsoft.com/en-us/azure/aks/kubernetes-service
  tags: cloud,devops,azure,microsoft,kubernetes,azure-cloud-config

flow: |
  code(1);
  for (let ClusterData of iterate(template.clusterList)) {
    ClusterData = JSON.parse(ClusterData);
    set("name", ClusterData.Name);
    set("resourceGroup", ClusterData.ResourceGroup);
    code(2);
  }

self-contained: true
code:
  - engine:
      - sh
      - bash
    source: |
      az aks list --query '[*].{"Name":name,"ResourceGroup":resourceGroup}'

    extractors:
      - type: json
        name: clusterList
        internal: true
        json:
          - '.[]'

  - engine:
      - sh
      - bash
    source: |
      az aks get-upgrades --name "$name" --resource-group "$resourceGroup" --output json

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"upgrades": ['

    extractors:
      - type: dsl
        dsl:
          - '"$name in $resourceGroup is not using the latest Kubernetes version"'
# digest: 490a00463044022057e99bbf31dcc5c0b1fd07a0fa880436c97571b57ada180da8f33fa1538315df02201e20f663b4c7c51e93b30e5c1763746d553571fcd66f2c117fa1d61f9927c91d:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./cloud/azure/aks/azure-aks-kubernetes-version-outdated.yaml