mirror of
https://github.com/aquasecurity/kube-hunter.git
synced 2026-05-26 19:13:15 +00:00
640 B
640 B
vid, title, categories
| vid | title | categories | |
|---|---|---|---|
| KHV040 | Exposed Run Inside Container |
|
{{ page.vid }} - {{ page.title }}
Issue description
An attacker could run arbitrary commands on a container via the kubelet's /run endpoint. This endpoint is exposed as part of the kubelet's debug handlers.
Remediation
Disable --enable-debugging-handlers kubelet flag.