kube-hunter/docs/_kb/KHV005.md
2022-03-25 09:03:43 +00:00

vid: KHV005
title: Access to Kubernetes API
categories: Information Disclosure, Unauthenticated Access
severity: high

{{ page.vid }} - {{ page.title }}

Issue description

The Kubernetes API was accessed with a Pod Service Account or without authentication (see the report message for details).

Remediation

Secure access to your Kubernetes API.

It is recommended to explicitly specify a Service Account for all of your workloads (serviceAccountName in Pod.Spec), and to manage their permissions according to the principle of least privilege.

Consider opting out of automatic mounting of the SA token by setting automountServiceAccountToken: false on the ServiceAccount resource or in Pod.spec.
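
The two checks above can be run over Pod and ServiceAccount objects (for instance the output of `kubectl get ... -o json`). The following is an added example, not part of kube-hunter: the function names and sample objects are constructed, and it relies on the Kubernetes behaviour that a value set in Pod.spec takes precedence over the one on the ServiceAccount, with mounting enabled when neither is set.

```python
"""Audit Pod objects against the KHV005 remediation points (added example)."""

def index_service_accounts(sa_list):
    """Map (namespace, name) -> ServiceAccount object."""
    return {(sa["metadata"].get("namespace", "default"), sa["metadata"]["name"]): sa
            for sa in sa_list}

def token_is_mounted(pod, sa_index):
    """Effective automount: Pod.spec wins, then the ServiceAccount, else True."""
    spec = pod.get("spec", {})
    pod_setting = spec.get("automountServiceAccountToken")
    if pod_setting is not None:
        return pod_setting
    ns = pod["metadata"].get("namespace", "default")
    sa = sa_index.get((ns, spec.get("serviceAccountName") or "default"), {})
    sa_setting = sa.get("automountServiceAccountToken")
    return True if sa_setting is None else sa_setting

def audit_pod(pod, sa_index):
    """Return the list of findings for one Pod (empty list means compliant)."""
    findings = []
    # The API server fills in "default" when serviceAccountName is omitted.
    sa_name = pod.get("spec", {}).get("serviceAccountName") or "default"
    if sa_name == "default":
        findings.append("default-service-account")
    if token_is_mounted(pod, sa_index):
        findings.append("token-automounted")
    return findings

def audit_all(pods, service_accounts):
    idx = index_service_accounts(service_accounts)
    return {p["metadata"]["name"]: audit_pod(p, idx) for p in pods}

# Constructed sample objects, trimmed to the fields the audit reads.
SERVICE_ACCOUNTS = [
    {"metadata": {"namespace": "shop", "name": "cart-sa"},
     "automountServiceAccountToken": False},
]
PODS = [
    {"metadata": {"namespace": "shop", "name": "legacy"}, "spec": {}},
    {"metadata": {"namespace": "shop", "name": "cart"},
     "spec": {"serviceAccountName": "cart-sa"}},
    {"metadata": {"namespace": "shop", "name": "cart-debug"},
     "spec": {"serviceAccountName": "cart-sa", "automountServiceAccountToken": True}},
]

if __name__ == "__main__":
    for name, findings in audit_all(PODS, SERVICE_ACCOUNTS).items():
        print(name, findings or "ok")
```

The `cart-debug` Pod is flagged even though its ServiceAccount disables mounting, because the Pod-level setting overrides it.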

References