github/kube-hunter
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-hunter.git synced 2026-02-14 18:09:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
kube-hunter/docs/_kb/KHV046.md
Owen Rumney e1896f3983 docs: lowercase the severities for AVD (#495) 
Signed-off-by: Owen Rumney <owen@owenrumney.co.uk>
2022-03-25 09:03:43 +00:00

840 B
Raw Permalink Blame History

vid, title, categories, severity
vid title categories severity
KHV046 Exposed Kubelet Cmdline
Information Disclosure
high

{{ page.vid }} - {{ page.title }}

Issue description

When the Kubelet is run in debug mode, a Pod running in the cluster is able to access the Kubelet's debug/pprof/cmdline endpoint and examine how the kubelet was executed on the node, specifically the command line flags that were used, which tells the attacker about what capabilities the kubelet has which might be exploited.

Remediation

Disable --enable-debugging-handlers kubelet flag.

References

Reference in New Issue View Git Blame Copy Permalink