Merge branch 'master' into change_links_to_avd

added newline to fix linting
switched to adding a new avd_reference instead of changed the VID
2026-03-02 17:50:41 +00:00 · 2020-11-17 12:17:52 +02:00 · 2020-11-15 16:56:57 +02:00 · 2020-11-15 16:43:53 +02:00 · 2020-11-15 15:57:09 +02:00 · 2020-11-15 12:26:20 +02:00
2 changed files with 12 additions and 37 deletions
--- a/docs/_kb/KHV052.md
+++ b/docs/_kb/KHV052.md
@@ -1,23 +0,0 @@
---
-vid: KHV052
-title: Exposed Pods
-categories: [Information Disclosure]
---
-
-# {{ page.vid }} - {{ page.title }}
-
-## Issue description
-
-An attacker could view sensitive information about pods that are bound to a Node using the exposed /pods endpoint
-This can be done either by accessing the readonly port (default 10255), or from the secure kubelet port (10250)
-
-## Remediation
-
-Ensure kubelet is protected using `--anonymous-auth=false` kubelet flag. Allow only legitimate users using `--client-ca-file` or `--authentication-token-webhook` kubelet flags. This is usually done by the installer or cloud provider.
-
-Disable the readonly port by using `--read-only-port=0` kubelet flag.
-
-## References
-
- [Kubelet configuration](https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/)
- [Kubelet authentication/authorization](https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet-authentication-authorization/)
--- a/kube_hunter/modules/hunting/kubelet.py
+++ b/kube_hunter/modules/hunting/kubelet.py
@@ -35,7 +35,10 @@ class ExposedPodsHandler(Vulnerability, Event):

    def __init__(self, pods):
        Vulnerability.__init__(
-            self, component=Kubelet, name="Exposed Pods", category=InformationDisclosure, vid="KHV052"
+            self,
+            component=Kubelet,
+            name="Exposed Pods",
+            category=InformationDisclosure,
        )
        self.pods = pods
        self.evidence = f"count: {len(self.pods)}"
@@ -1136,16 +1139,11 @@ class ProveSystemLogs(ActiveHunter):
            f"{self.base_url}/" + KubeletHandlers.LOGS.value.format(path="audit/audit.log"),
            verify=False,
            timeout=config.network_timeout,
-        )
-
-        # TODO: add more methods for proving system logs
-        if audit_logs.status_code == requests.status_codes.codes.OK:
-            logger.debug(f"Audit log of host {self.event.host}: {audit_logs.text[:10]}")
-            # iterating over proctitles and converting them into readable strings
-            proctitles = []
-            for proctitle in re.findall(r"proctitle=(\w+)", audit_logs.text):
-                proctitles.append(bytes.fromhex(proctitle).decode("utf-8").replace("\x00", " "))
-            self.event.proctitles = proctitles
-            self.event.evidence = f"audit log: {proctitles}"
-        else:
-            self.event.evidence = "Could not parse system logs"
+        ).text
+        logger.debug(f"Audit log of host {self.event.host}: {audit_logs[:10]}")
+        # iterating over proctitles and converting them into readable strings
+        proctitles = []
+        for proctitle in re.findall(r"proctitle=(\w+)", audit_logs):
+            proctitles.append(bytes.fromhex(proctitle).decode("utf-8").replace("\x00", " "))
+        self.event.proctitles = proctitles
+        self.event.evidence = f"audit log: {proctitles}"
Author	SHA1	Message	Date
danielsagi	d20e5c891e	Merge branch 'master' into change_links_to_avd	2020-11-17 12:17:52 +02:00
Daniel Sagi	72360c6043	added newline to fix linting	2020-11-15 16:56:57 +02:00
Daniel Sagi	b0e88d9e49	switched to adding a new avd_reference instead of changed the VID	2020-11-15 16:43:53 +02:00
Daniel Sagi	432a602530	changed kb_links to be on base report module. and updated to point to avd. now json output returns the full avd url to the vulnerability	2020-11-15 15:57:09 +02:00
Daniel Sagi	6116c83ec7	changed link to point to avd	2020-11-15 12:26:20 +02:00