CVE-2018-10020105 reported too often (#68)

* Reporting CVE-2018-1002106 over-enthusiastically

* Oops
Liz Rice
2018-12-06 21:23:06 +01:00
committed by jerbia
parent 3836a8f8c4
commit 16ff0afba4


@@ -10,20 +10,16 @@ from ...core.types import Hunter, ActiveHunter, KubernetesCluster, RemoteCodeExe
""" Vulnerabilities """
class ServerApiVersionEndPointAccess(Vulnerability, Event):
""" CVE-2018-1002105
Pod is vulnerable to critical CVE-2018-1002105
"""
""" Node is vulnerable to critical CVE-2018-1002105 """
def __init__(self, evidence):
Vulnerability.__init__(self, KubernetesCluster, name="Critical PrivilegedEscalation CVE", category=PrivilegeEscalation)
Vulnerability.__init__(self, KubernetesCluster, name="Critical Privilege Escalation CVE", category=PrivilegeEscalation)
self.evidence = evidence
# Passive Hunter
@handler.subscribe(OpenPortEvent, predicate=lambda x: x.port == 443 or x.port == 6443)
class IsVulnerableToCVEAttack(Hunter):
""" CVE-2018-1002105
Pod is vulnerable to critical CVE-2018-1002105
"""
""" Node is running a Kubernetes version vulnerable to critical CVE-2018-1002105 """
def __init__(self, event):
self.event = event
@@ -69,9 +65,7 @@ class IsVulnerableToCVEAttack(Hunter):
return False
def execute(self):
if self.get_service_account_token(): # From within a Pod
if self.access_api_server_version_end_point():
self.publish_event(ServerApiVersionEndPointAccess(self.api_server_evidence))
else:
self.get_service_account_token() # From within a Pod we may have extra credentials
if self.access_api_server_version_end_point():
self.publish_event(ServerApiVersionEndPointAccess(self.api_server_evidence))
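Review bot: In `execute`, the return value of `self.get_service_account_token()` is now discarded, so the call matters only for a side effect this hunk does not show; presumably it stores the token on the hunter for the later version request, but that body is outside the hunk. Because the finding is now published on the same path whether or not a token was found, the resulting `ServerApiVersionEndPointAccess` event no longer tells the reader if the version endpoint answered an unauthenticated request or one sent with pod credentials, and those two cases say different things about API server exposure when triaging CVE-2018-1002105. I would state the intent next to the call, for example `# Best effort: keeps the pod's service account token if one is mounted; the version check runs either way`, and consider adding to `self.api_server_evidence` whether a token was used. `execute` also has no docstring; a one-line summary of when the event is published would help, worded against what `access_api_server_version_end_point` really checks, since its body is not visible here.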