kube-hunter/docs/_kb/KHV021.md
2022-03-25 09:03:43 +00:00

vid: KHV021
title: Certificate Includes Email Address
categories: Information Disclosure
severity: low

{{ page.vid }} - {{ page.title }}

Issue description

The Kubernetes API Server advertises a public certificate for TLS. This certificate includes an email address, which may give an attacker additional information about your organization or be abused for further email-based attacks.

Remediation

Do not include an email address in the Kubernetes API server certificate. (You should continue to use certificates to secure the API Server!)
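To confirm that a reissued certificate no longer carries an address, the following added example (not kube-hunter's own code) scans a certificate's DER bytes for the PKCS#9 emailAddress name attribute and for rfc822Name entries in the subjectAltName extension. The function names, the constructed sample bytes and the default port 6443 are assumptions of this example.

```python
import ssl

EMAIL_ATTR_OID = bytes.fromhex("06092a864886f70d010901")  # OID 1.2.840.113549.1.9.1 emailAddress
SAN_EXT_OID = bytes.fromhex("0603551d11")                 # OID 2.5.29.17 subjectAltName
STRING_TAGS = {0x0C, 0x13, 0x16}  # UTF8String, PrintableString, IA5String
# Constructed DER fragment (not a real certificate): one emailAddress attribute, one SAN rfc822Name.
SAMPLE = (EMAIL_ATTR_OID + b"\x16\x11admin@example.com"
          + SAN_EXT_OID + b"\x04\x13\x30\x11\x81\x0fops@example.org")


def read_tlv(der, pos):
    """Return (tag, value, next_pos) for the DER element at pos; tag is None if truncated."""
    if pos + 2 > len(der):
        return None, b"", len(der)
    tag, length = der[pos], der[pos + 1]
    pos += 2
    if length & 0x80:  # long form: the low 7 bits count the length bytes that follow
        n = length & 0x7F
        length = int.from_bytes(der[pos:pos + n], "big")
        pos += n
    return tag, der[pos:pos + length], pos + length


def find_emails(der):
    """Collect emailAddress name attributes and SAN rfc822Name entries from DER bytes."""
    found = set()
    pos = der.find(EMAIL_ATTR_OID)
    while pos != -1:  # subject and issuer may each carry the attribute
        tag, value, _ = read_tlv(der, pos + len(EMAIL_ATTR_OID))
        if tag in STRING_TAGS:
            found.add(value.decode("ascii", "replace"))
        pos = der.find(EMAIL_ATTR_OID, pos + 1)
    pos = der.find(SAN_EXT_OID)
    if pos != -1:
        tag, value, nxt = read_tlv(der, pos + len(SAN_EXT_OID))
        if tag == 0x01:  # optional "critical" BOOLEAN before the OCTET STRING
            tag, value, nxt = read_tlv(der, nxt)
        _, names, _ = read_tlv(value, 0)  # OCTET STRING wraps SEQUENCE OF GeneralName
        i = 0
        while i < len(names):
            tag, entry, i = read_tlv(names, i)
            if tag == 0x81:  # GeneralName [1] rfc822Name
                found.add(entry.decode("ascii", "replace"))
    return sorted(found)


def check_api_server(host, port=6443):
    """List email addresses in the certificate presented at host:port (assumed API server port)."""
    return find_emails(ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port))))
```

An empty list from `check_api_server` against your own API server address means neither field carries an email address.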