From 3836a8f8c4011f178a67684f458716b57ca3589d Mon Sep 17 00:00:00 2001
From: Ori Agmon <oriagmon1@gmail.com>
Date: Thu, 6 Dec 2018 00:47:16 +0200
Subject: [PATCH] Shallow detection cve 2018 1002105 (#67)

* added the CVE hunter, haven't checked the hunter yet

* fixed illegal name for import file

* Completed & Tested

* subnet scan

* Updated description

* Updated description

* Updated description
---
 src/modules/hunting/CVE_2018_1002105.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/modules/hunting/CVE_2018_1002105.py b/src/modules/hunting/CVE_2018_1002105.py
index 58739c0..d161583 100644
--- a/src/modules/hunting/CVE_2018_1002105.py
+++ b/src/modules/hunting/CVE_2018_1002105.py
@@ -9,10 +9,10 @@ from ...core.events.types import Vulnerability, Event, OpenPortEvent
 from ...core.types import Hunter, ActiveHunter, KubernetesCluster, RemoteCodeExec, AccessRisk, InformationDisclosure, PrivilegeEscalation
 
 """ Vulnerabilities """
-
-
 class ServerApiVersionEndPointAccess(Vulnerability, Event):
-    """ Accessing the server API within a compromised pod would help an attacker gain full control over the cluster"""
+    """ CVE-2018-1002105
+    Pod is vulnerable to critical CVE-2018-1002105
+"""
 
     def __init__(self, evidence):
         Vulnerability.__init__(self, KubernetesCluster, name="Critical PrivilegedEscalation CVE", category=PrivilegeEscalation)
@@ -21,8 +21,8 @@ class ServerApiVersionEndPointAccess(Vulnerability, Event):
 # Passive Hunter
 @handler.subscribe(OpenPortEvent, predicate=lambda x: x.port == 443 or x.port == 6443)
 class IsVulnerableToCVEAttack(Hunter):
-    """ API Server Hunter
-    Accessing the API server within a compromised pod might grant an attacker full control over the cluster
+    """ CVE-2018-1002105
+    Pod is vulnerable to critical CVE-2018-1002105
     """
 
     def __init__(self, event):