github/kube-hunter
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-hunter.git synced 2026-05-11 03:37:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #76 from mcherny/fix-service-account-token-vuln

Browse Source 
Fix: the pod service account token vulnerability 'Location' is wrong
This commit is contained in:
Liz Rice
2019-01-17 14:59:38 +00:00
committed by GitHub
parent 06218f3267 4f3f2dc1ef
commit e81a938e4f
2 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/modules/hunting/apiserver.py
View File

@@ -19,15 +19,6 @@ class ServerApiAccess(Vulnerability, Event):
self.evidence = evidence
class ServiceAccountTokenAccess(Vulnerability, Event):
""" Accessing the pod service account token gives an attacker the option to use the server API """
def __init__(self, evidence):
Vulnerability.__init__(self, KubernetesCluster, name="Read access to pod's service account token",
category=AccessRisk)
self.evidence = evidence
class ListPodUnderDefaultNamespace(Vulnerability, Event):
""" Accessing the pods list under default namespace might give an attacker valuable
information to harm the cluster """
@@ -327,7 +318,6 @@ class AccessApiServerViaServiceAccountToken(Hunter):
def execute(self):
if self.get_service_account_token():
self.publish_event(ServiceAccountTokenAccess(self.service_account_token_evidence))
if self.access_api_server():
self.publish_event(ServerApiAccess(self.api_server_evidence))

10
src/modules/hunting/secrets.py
View File

@@ -11,6 +11,14 @@ from ...core.types import Hunter, KubernetesCluster, AccessRisk
from ..discovery.hosts import RunningAsPodEvent
""" Vulnerabilities """
class ServiceAccountTokenAccess(Vulnerability, Event):
""" Accessing the pod service account token gives an attacker the option to use the server API """
def __init__(self, evidence):
Vulnerability.__init__(self, KubernetesCluster, name="Read access to pod's service account token",
category=AccessRisk)
self.evidence = evidence
class SecretsAccess(Vulnerability, Event):
""" Accessing the pod's secrets within a compromised pod might disclose valuable data to a potential attacker"""
@@ -37,5 +45,7 @@ class AccessSecrets(Hunter):
return True if (len(self.secrets_evidence) > 0) else False
def execute(self):
if self.event.auth_token is not None:
self.publish_event(ServiceAccountTokenAccess(self.event.auth_token))
if self.get_services():
self.publish_event(SecretsAccess(self.secrets_evidence))