Kubernetes 漏洞列表

fofa-query: app="Kubernetes-Enterprise-Manager"

Information Disclosure of Garbage Collection

Searches for exposed Kubernetes API servers which return version information unauthenticated

A Kubernetes Pods API was discovered. When the service port is available, unauthenticated users can execute commands inside the container.

Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.

Ensure that Kubernetes Dashboard (Dashboard WebUI) is disabled for your ACK clusters in order to enhance cluster security and prevent potential attack vectors. The Kubernetes Dashboard is a web-based user interface (UI) that provides a visual representation and management capabilities for Kubernetes clusters. It allows users to monitor and interact with the resources within the cluster, such as pods, deployments, and services, through a graphical interface rather than using command-line tools.

Ensure that your Amazon Elastic Kubernetes Service (EKS) clusters have encryption enabled for Kubernetes secrets using AWS KMS Customer Master Keys (CMKs). This is a security best practice for protecting sensitive data stored in Kubernetes secrets.

Ensure that your Azure Kubernetes Service (AKS) clusters are using the latest available version of Kubernetes platform in order to receive new or enhanced features and the most recent security fixes. The Kubernetes version upgrade becomes fully available only after it is approved by Microsoft Azure.

Ensure that logging is enabled for your Google Kubernetes Engine (GKE) clusters to collect logs emitted by your Kubernetes applications and the GKE infrastructure. Once enabled, the logging feature sends logs and metrics to a remote aggregator to reduce the risk of tampering in case of a breach locally.

Exposing host's Docker socket to containers via a volume.

Checks if containers in Kubernetes Pods are configured to share the host's network namespace, which can lead to security risks.

Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.

Kubernetes local cluster web view panel discovered.

Kubernetes Kustomize configuration was detected.

Kubernetes private etcd keys are exposed.

Sends a valid minimal AdmissionReview JSON to reliably detect Kubernetes Ingress-Nginx Admission webhook endpoints.

Information Disclosure of Garbage Collection

A Kubernetes Pods API was discovered. When the service port is available, unauthenticated users can execute commands inside the container.

Information Disclosure of Kubernetes Resource Report

Kubernetes Fake Ingress Certificate is a feature in Kubernetes that allows users to create and use fake or self-signed SSL/TLS certificates for testing purposes without having to obtain a real SSL/TLS certificate from a trusted Certificate Authority (CA).

Kubernetes Image Builder 凭证管理不当漏洞

Kubernetes(简称K8SQ)是Google在2014年开源的一个容器集群管理系统。它用于容器化应用程序的部署、扩展和管理，目标是让部署容器化应用简单且高效。漏洞存在于Kubernetes的1.18.6版本之前，可能导致未经授权的用户访问攻击。漏洞的细节在于Kubelet组件中存在一个调试端点(/debug/pprof)的暴露，该端点可以通过未经授权的Kubelethealthzi端口访问。

Kubernetes Dashboard存在信息泄露漏洞. 该漏洞是由于存在设计缺陷，允许用户查看私有对象导致的。

Kubernetes（K8s）是云原生计算基金会（Cloud Native Computing Foundation）的一个开源系统，用于自动部署、扩展和管理容器化应用程序。 Kubernetes secrets-store-csi-driver 1.3.3之前版本存在安全漏洞，该漏洞源于会在日志中公开服务帐户令牌。

Kubernetes（K8s）是云原生计算基金会（Cloud Native Computing Foundation）的一个开源系统，用于自动部署、扩展和管理容器化应用程序。 Kubernetes kube-apiserver存在安全漏洞，该漏洞源于攻击者可以通过自定义资源绕过对数据的访问限制，从而读取敏感信息。

Snyk kubernetes-monitor是Snyk公司的使用 Snyk 查找和修复 Kubernetes 工作负载中漏洞的工具。 Snyk kubernetes-monitor存在安全漏洞，该漏洞源于可能导致不相关的数据被发布到Snyk组织，这反过来可能会混淆其他相关的安全问题。

ovn-kubernetes是OVN开源的一个基于开放虚拟网络（OVN）并提供基于覆盖的网络实现。 ovn-kubernetes 存在安全漏洞，系统管理员或特权攻击者利用该漏洞创建一个出口网络策略，绕过集群中其他pod的现有入口策略，从而允许网络流量访问不该访问的pod，导致信息泄露。