kubernetes-metrics: Detect Kubernetes Exposed Metrics

Date: 2025-08-01 | Affected software: kubernetes-metrics | PoC: public

Vulnerability description

A Kubernetes component or exporter answers an unauthenticated GET /metrics with its Prometheus text-format metrics. The body includes the Go runtime's garbage-collection statistics (go_gc_* series) and kube-prefixed metrics whose labels carry namespace and workload names, which is useful reconnaissance even though no secrets are returned (hence severity low). The template below matches on HTTP 200 plus the strings "HELP", "TYPE", "kube" and "namespace" in the body; because this is a keyword match, any exporter whose output happens to contain all four words will also trigger it, so confirm a hit by reading the returned metrics.

PoC code [public]

id: kubernetes-metrics

info:
  name: Detect Kubernetes Exposed Metrics
  author: pussycat0x
  severity: low
  description: Information Disclosure of Garbage Collection
  reference:
    - https://kubernetes.io/docs/concepts/cluster-administration/system-metrics/#metrics-in-kubernetes
  metadata:
    max-request: 1
  tags: kubernetes,exposure,devops,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/metrics"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        condition: and
        words:
          - "namespace"
          - "HELP"
          - "TYPE"
          - "kube"

      - type: status
        status:
          - 200
# digest: 490a00463044022013ddeff06dd80631992e502e6588e4d6115874ee12e2a47b86cac013ea0a79cc022075299ace0d209cd3dd8b870ce5a0ae108c8f948540b2137ef1fe661c1ffed3d1:922c64590222798bb761d5b6d8e72950
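To see exactly what the template's matcher does and does not prove, the following Python re-implements the same check offline and then parses the Prometheus text exposition format to list what an exposed endpoint leaks. This is an added example, not part of the nuclei template or of Kubernetes; the two response bodies are constructed, and the `triage` function goes beyond the template (which only matches keywords) by extracting GC series, namespaces and pod names from the body.

```python
"""Offline re-implementation of the kubernetes-metrics nuclei matcher plus a
small parser for the Prometheus text exposition format.  Added example, not
code from the nuclei template or from Kubernetes."""
import re
import urllib.request
from dataclasses import dataclass

# The four words the template's matcher requires, all of them (condition: and).
REQUIRED_WORDS = ("namespace", "HELP", "TYPE", "kube")

# Constructed sample response bodies (not captured from a real cluster).
K8S_METRICS_BODY = """\
# HELP go_gc_duration_seconds A summary of the pause duration of garbage collection cycles.
# TYPE go_gc_duration_seconds summary
go_gc_duration_seconds{quantile="0"} 1.9e-05
go_gc_duration_seconds{quantile="1"} 0.000841
go_gc_duration_seconds_sum 0.012
go_gc_duration_seconds_count 42
# HELP kube_pod_info Information about pod.
# TYPE kube_pod_info gauge
kube_pod_info{namespace="kube-system",pod="coredns-5d78c9869d-abcde",node="node-1"} 1
kube_pod_info{namespace="default",pod="web-7c6f8c4c9f-xyz12",node="node-2"} 1
"""

# A generic exporter: has HELP/TYPE but neither "kube" nor "namespace".
NON_K8S_BODY = """\
# HELP nginx_connections_active Active client connections
# TYPE nginx_connections_active gauge
nginx_connections_active 3
"""


@dataclass
class Sample:
    name: str
    labels: dict
    value: float


# metric_name{label="value",...} value   (timestamp, if any, is ignored)
SAMPLE_RE = re.compile(
    r'^(?P<name>[a-zA-Z_:][a-zA-Z0-9_:]*)(?:\{(?P<labels>[^}]*)\})?\s+(?P<value>\S+)'
)
LABEL_RE = re.compile(r'([a-zA-Z_][a-zA-Z0-9_]*)="((?:[^"\\]|\\.)*)"')


def parse_exposition(body):
    """Parse sample lines of the Prometheus text format; skip comments/blank lines."""
    samples = []
    for line in body.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = SAMPLE_RE.match(line)
        if not m:
            continue  # tolerate lines we do not understand
        labels = dict(LABEL_RE.findall(m.group("labels") or ""))
        samples.append(Sample(m.group("name"), labels, float(m.group("value"))))
    return samples


def nuclei_matches(status, body):
    """Mirror the template: status 200 AND every required word present in the body."""
    return status == 200 and all(word in body for word in REQUIRED_WORDS)


def triage(status, body):
    """Beyond the template: summarise what a matching body actually discloses."""
    if not nuclei_matches(status, body):
        return None
    samples = parse_exposition(body)
    return {
        "gc_metrics": sorted({s.name for s in samples if s.name.startswith("go_gc_")}),
        "namespaces": sorted({s.labels["namespace"] for s in samples if "namespace" in s.labels}),
        "pods": sorted({s.labels["pod"] for s in samples if "pod" in s.labels}),
    }


def check_url(base_url, timeout=5):
    """Live variant of the template's single request (not run in the offline example)."""
    req = urllib.request.Request(base_url.rstrip("/") + "/metrics",
                                 headers={"User-Agent": "metrics-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return triage(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:  # 401/403 etc. are a non-match, not a crash
        return triage(e.code, "")


if __name__ == "__main__":
    print("k8s body matches:", nuclei_matches(200, K8S_METRICS_BODY))
    print("nginx body matches:", nuclei_matches(200, NON_K8S_BODY))
    print("triage:", triage(200, K8S_METRICS_BODY))
```

Run with a real target via `check_url("https://host:port")` only against systems you are authorised to test; the offline run shows that the nginx-style body is correctly rejected while the Kubernetes body matches and discloses GC timings, two namespaces and two pod names.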