github/kube-hunter
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-hunter.git synced 2026-02-18 20:09:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

merge into: github:main
Branches Tags
github:main github:logo github:dep/remove-netifaces github:dep/remove_netifaces github:refactor/cloud_scanning github:update_version_on_job_manifest github:fix/handler_configuration_not_initialized github:improve_help_message_worker_num_flag github:remove_scapy_usage github:owenr-lowercase-severities github:add-severity github:feature/custom_hunting github:bugfix/aws_metadata_scanning github:documentation/mitre github:remove_cve_scanning github:bugfix/fix_release_workflow github:bugfix/fix_github_actions github:feature/mitre_support github:bugfix/cloud_discovery github:bugfix/kubernetes_client_error_logs github:update-docs-dependencies github:feature/service-account-token-flag github:feature/support_multiple_subscription github:feature/immersed github:devops/publish_to_pypi github:feature/multiple_subscription github:danielsagi-patch-1 github:update-deps github:improve_aks_hunting github:added_security_md github:improve_release_workflow github:update_kramdown_dependency github:added_code_analysis_workflow github:refresh_workflows github:add_release_workflow github:fix_pyinstaller_faliure github:stop_using_cap_net_raw github:fix_lint_comments github:update_new_aqua_web_design github:fix_passive_hunting_run_handler github:fix_audit_log_proving github:added_docs_for_exposed_pods github:change_links_to_avd github:fix-prettytable github:fix-hunting-bugs github:fix-certificate-hunting github:improve-dockerfile github:fix-dns-hunting github:issue-359 github:fixed-kubelet github:add_plugins_support github:fix-minor-linting-problem github:lizrice-patch-1 github:refactor_host_discovery github:aquadev
github:v0.6.8 github:v0.6.7 github:v0.6.6 github:v0.6.5 github:v0.6.4 github:v0.6.3 github:v0.6.2 github:v0.6.1 github:v0.6.0 github:v0.5.2 github:v0.5.1 github:v0.5.0 github:v0.4.1 github:v0.4.0 github:v0.3.2 github:v0.3.1 github:v0.3.0 github:v0.3.0-rc1 github:v0.2.0
...
pull from: github:add-severity
Branches Tags
github:main github:logo github:dep/remove-netifaces github:dep/remove_netifaces github:refactor/cloud_scanning github:update_version_on_job_manifest github:fix/handler_configuration_not_initialized github:improve_help_message_worker_num_flag github:remove_scapy_usage github:owenr-lowercase-severities github:add-severity github:feature/custom_hunting github:bugfix/aws_metadata_scanning github:documentation/mitre github:remove_cve_scanning github:bugfix/fix_release_workflow github:bugfix/fix_github_actions github:feature/mitre_support github:bugfix/cloud_discovery github:bugfix/kubernetes_client_error_logs github:update-docs-dependencies github:feature/service-account-token-flag github:feature/support_multiple_subscription github:feature/immersed github:devops/publish_to_pypi github:feature/multiple_subscription github:danielsagi-patch-1 github:update-deps github:improve_aks_hunting github:added_security_md github:improve_release_workflow github:update_kramdown_dependency github:added_code_analysis_workflow github:refresh_workflows github:add_release_workflow github:fix_pyinstaller_faliure github:stop_using_cap_net_raw github:fix_lint_comments github:update_new_aqua_web_design github:fix_passive_hunting_run_handler github:fix_audit_log_proving github:added_docs_for_exposed_pods github:change_links_to_avd github:fix-prettytable github:fix-hunting-bugs github:fix-certificate-hunting github:improve-dockerfile github:fix-dns-hunting github:issue-359 github:fixed-kubelet github:add_plugins_support github:fix-minor-linting-problem github:lizrice-patch-1 github:refactor_host_discovery github:aquadev
github:v0.6.8 github:v0.6.7 github:v0.6.6 github:v0.6.5 github:v0.6.4 github:v0.6.3 github:v0.6.2 github:v0.6.1 github:v0.6.0 github:v0.5.2 github:v0.5.1 github:v0.5.0 github:v0.4.1 github:v0.4.0 github:v0.3.2 github:v0.3.1 github:v0.3.0 github:v0.3.0-rc1 github:v0.2.0

1 Commits
main ... add-severi

Author SHA1 Message Date
“Amir
d36cd1e631 Added severity to the kube-hunter found issues 2022-03-18 17:54:17 +02:00
38 changed files with 40 additions and 1 deletions
Expand all files Collapse all files

1
docs/_kb/KHV002.md
View File

@@ -2,6 +2,7 @@
vid: KHV002
title: Kubernetes version disclosure
categories: [Information Disclosure]
severity: LOW
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV003.md
View File

@@ -2,6 +2,7 @@
vid: KHV003
title: Azure Metadata Exposure
categories: [Information Disclosure]
severity: HIGH
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV004.md
View File

@@ -2,6 +2,7 @@
vid: KHV004
title: Azure SPN Exposure
categories: [Identity Theft]
severity: MEDIUM
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV005.md
View File

@@ -2,6 +2,7 @@
vid: KHV005
title: Access to Kubernetes API
categories: [Information Disclosure, Unauthenticated Access]
severity: HIGH
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV006.md
View File

@@ -2,6 +2,7 @@
vid: KHV006
title: Insecure (HTTP) access to Kubernetes API
categories: [Unauthenticated Access]
severity: HIGH
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV007.md
View File

@@ -2,6 +2,7 @@
vid: KHV007
title: Specific Access to Kubernetes API
categories: [Access Risk]
severity: HIGH
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV020.md
View File

@@ -2,6 +2,7 @@
vid: KHV020
title: Possible Arp Spoof
categories: [IdentityTheft]
severity: HIGH
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV021.md
View File

@@ -2,6 +2,7 @@
vid: KHV021
title: Certificate Includes Email Address
categories: [Information Disclosure]
severity: LOW
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV022.md
View File

@@ -2,6 +2,7 @@
vid: KHV022
title: Critical Privilege Escalation CVE
categories: [Privilege Escalation]
severity: CRITICAL
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV023.md
View File

@@ -2,6 +2,7 @@
vid: KHV023
title: Denial of Service to Kubernetes API Server
categories: [Denial Of Service]
severity: MEDIUM
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV024.md
View File

@@ -2,6 +2,7 @@
vid: KHV024
title: Possible Ping Flood Attack
categories: [Denial Of Service]
severity: MEDIUM
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV025.md
View File

@@ -2,6 +2,7 @@
vid: KHV025
title: Possible Reset Flood Attack
categories: [Denial Of Service]
severity: MEDIUM
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV026.md
View File

@@ -2,6 +2,7 @@
vid: KHV026
title: Arbitrary Access To Cluster Scoped Resources
categories: [PrivilegeEscalation]
severity: HIGH
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV027.md
View File

@@ -2,6 +2,7 @@
vid: KHV027
title: Kubectl Vulnerable To CVE-2019-11246
categories: [Remote Code Execution]
severity: MEDIUM
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV028.md
View File

@@ -2,6 +2,7 @@
vid: KHV028
title: Kubectl Vulnerable To CVE-2019-1002101
categories: [Remote Code Execution]
severity: MEDIUM
---
# {{ page.vid }} - {{ page.title }}

4
docs/_kb/KHV029.md
View File

@@ -2,6 +2,7 @@
vid: KHV029
title: Dashboard Exposed
categories: [Remote Code Execution]
severity: CRITICAL
---
# {{ page.vid }} - {{ page.title }}
@@ -12,4 +13,5 @@ An open Kubernetes Dashboard was detected. The Kubernetes Dashboard can be used
## Remediation
Do not leave the Dashboard insecured.
Do not leave the Dashboard insecured.

1
docs/_kb/KHV030.md
View File

@@ -2,6 +2,7 @@
vid: KHV030
title: Possible DNS Spoof
categories: [Identity Theft]
severity: HIGH
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV031.md
View File

@@ -2,6 +2,7 @@
vid: KHV031
title: Etcd Remote Write Access Event
categories: [Remote Code Execution]
severity: CRITICAL
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV032.md
View File

@@ -2,6 +2,7 @@
vid: KHV032
title: Etcd Remote Read Access Event
categories: [Access Risk]
severity: CRITICAL
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV033.md
View File

@@ -2,6 +2,7 @@
vid: KHV033
title: Etcd Remote version disclosure
categories: [Information Disclosure]
severity: MEDIUM
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV034.md
View File

@@ -2,6 +2,7 @@
vid: KHV034
title: Etcd is accessible using insecure connection (HTTP)
categories: [Unauthenticated Access]
severity: HIGH
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV036.md
View File

@@ -2,6 +2,7 @@
vid: KHV036
title: Anonymous Authentication
categories: [Remote Code Execution]
severity: CRITICAL
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV037.md
View File

@@ -2,6 +2,7 @@
vid: KHV037
title: Exposed Container Logs
categories: [Information Disclosure]
severity: HIGH
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV038.md
View File

@@ -2,6 +2,7 @@
vid: KHV038
title: Exposed Running Pods
categories: [Information Disclosure]
severity: HIGH
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV039.md
View File

@@ -2,6 +2,7 @@
vid: KHV039
title: Exposed Exec On Container
categories: [Remote Code Execution]
severity: HIGH
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV040.md
View File

@@ -2,6 +2,7 @@
vid: KHV040
title: Exposed Run Inside Container
categories: [Remote Code Execution]
severity: HIGH
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV041.md
View File

@@ -2,6 +2,7 @@
vid: KHV041
title: Exposed Port Forward
categories: [Remote Code Execution]
severity: HIGH
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV042.md
View File

@@ -2,6 +2,7 @@
vid: KHV042
title: Exposed Attaching To Container
categories: [Remote Code Execution]
severity: HIGH
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV043.md
View File

@@ -2,6 +2,7 @@
vid: KHV043
title: Cluster Health Disclosure
categories: [Information Disclosure]
severity: HIGH
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV044.md
View File

@@ -2,6 +2,7 @@
vid: KHV044
title: Privileged Container
categories: [Access Risk]
severity: HIGH
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV045.md
View File

@@ -2,6 +2,7 @@
vid: KHV045
title: Exposed System Logs
categories: [Information Disclosure]
severity: HIGH
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV046.md
View File

@@ -2,6 +2,7 @@
vid: KHV046
title: Exposed Kubelet Cmdline
categories: [Information Disclosure]
severity: HIGH
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV047.md
View File

@@ -2,6 +2,7 @@
vid: KHV047
title: Pod With Mount To /var/log
categories: [Privilege Escalation]
severity: HIGH
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV049.md
View File

@@ -2,6 +2,7 @@
vid: KHV049
title: kubectl proxy Exposed
categories: [Information Disclosure]
severity: HIGH
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV050.md
View File

@@ -2,6 +2,7 @@
vid: KHV050
title: Read access to Pod service account token
categories: [Access Risk]
severity: MEDIUM
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV051.md
View File

@@ -2,6 +2,7 @@
vid: KHV051
title: Exposed Existing Privileged Containers Via Secure Kubelet Port
categories: [Access Risk]
severity: HIGH
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV052.md
View File

@@ -2,6 +2,7 @@
vid: KHV052
title: Exposed Pods
categories: [Information Disclosure]
severity: HIGH
---
# {{ page.vid }} - {{ page.title }}

1
docs/_kb/KHV053.md
View File

@@ -2,6 +2,7 @@
vid: KHV053
title: AWS Metadata Exposure
categories: [Information Disclosure]
severity: HIGH
---
# {{ page.vid }} - {{ page.title }}