def __init__(self, pods):
    """Record an "Exposed Pods" finding on the Kubelet component.

    The finding is filed under InformationDisclosure. ``pods`` is kept on
    the instance, and only its length is written into the evidence string.
    """
    Vulnerability.__init__(
        self,
        Kubelet,
        "Exposed Pods",
        category=InformationDisclosure,
    )
    self.pods = pods
    # Evidence is set after the base initialiser and carries the count only;
    # the pod data itself stays on self.pods.
    self.evidence = f"count: {len(self.pods)}"
def __init__(self):
    """Record a "CAP_NET_RAW Enabled" finding for the cluster (AccessRisk).

    This constructor passes neither a vid nor any evidence.
    """
    Vulnerability.__init__(self, KubernetesCluster, name="CAP_NET_RAW Enabled", category=AccessRisk)
def __init__(self, evidence):
    """Record a "Critical Privilege Escalation CVE" finding (vid KHV022).

    The finding targets KubernetesCluster under PrivilegeEscalation, and the
    caller-supplied ``evidence`` is stored unchanged.
    """
    Vulnerability.__init__(
        self,
        KubernetesCluster,
        name="Critical Privilege Escalation CVE",
        category=PrivilegeEscalation,
        vid="KHV022",
    )
    # Assigned after the base initialiser, matching the original ordering.
    self.evidence = evidence
def __init__(self, keys):
    """Record an "Etcd Remote Read Access Event" finding (vid KHV032).

    The finding targets KubernetesCluster under AccessRisk, and ``keys`` is
    stored verbatim as the evidence.
    """
    Vulnerability.__init__(
        self,
        KubernetesCluster,
        name="Etcd Remote Read Access Event",
        category=AccessRisk,
        vid="KHV032",
    )
    # NOTE(review): keys presumably holds data read back from etcd and may
    # therefore include sensitive values; confirm how reports that embed this
    # evidence are stored and shared.
    self.evidence = keys
def __init__(self, write_res):
    """Record an "Etcd Remote Write Access Event" finding (vid KHV031).

    The finding targets KubernetesCluster under RemoteCodeExec, and
    ``write_res`` is stored verbatim as the evidence.
    """
    Vulnerability.__init__(
        self,
        KubernetesCluster,
        name="Etcd Remote Write Access Event",
        category=RemoteCodeExec,
        vid="KHV031",
    )
    # presumably the result of a write probe against etcd; verify against caller
    self.evidence = write_res
def __init__(self, container):
    """Record an "Azure SPN Exposure" finding on the Azure component (KHV004).

    The finding is filed under IdentityTheft. ``container`` is kept on the
    instance, and no evidence string is set here.
    """
    Vulnerability.__init__(
        self,
        Azure,
        "Azure SPN Exposure",
        category=IdentityTheft,
        vid="KHV004",
    )
    self.container = container
def __init__(self, version):
    """Record an "Etcd Remote version disclosure" finding (vid KHV033).

    The finding targets KubernetesCluster under InformationDisclosure, and
    ``version`` is stored unchanged as the evidence.
    """
    Vulnerability.__init__(
        self,
        KubernetesCluster,
        name="Etcd Remote version disclosure",
        category=InformationDisclosure,
        vid="KHV033",
    )
    self.evidence = version
def __init__(self, output):
    """Record a "Root Traversal Read On The Kubelet" finding.

    The finding targets KubernetesCluster under PrivilegeEscalation, and no
    vid is passed. ``output`` is kept on the instance and also formatted
    into the evidence string.
    """
    Vulnerability.__init__(
        self,
        KubernetesCluster,
        "Root Traversal Read On The Kubelet",
        category=PrivilegeEscalation,
    )
    self.output = output
    # NOTE(review): output is embedded in full; if it holds file content read
    # from the node, the resulting report should be treated as sensitive.
    # Confirm with the caller.
    self.evidence = "output: {}".format(self.output)
def __init__(self):
    """Record a "CAP_NET_RAW Enabled" finding for the cluster.

    The category passed is ARPPoisoningTechnique. Neither a vid nor any
    evidence is supplied.
    """
    Vulnerability.__init__(self, KubernetesCluster, name="CAP_NET_RAW Enabled", category=ARPPoisoningTechnique)
def __init__(self, nodes):
    """Record a "Dashboard Exposed" finding for the cluster (vid KHV029).

    The finding is filed under RemoteCodeExec. When ``nodes`` is truthy its
    items are joined with spaces into the evidence string; otherwise the
    evidence is None.
    """
    Vulnerability.__init__(
        self,
        KubernetesCluster,
        "Dashboard Exposed",
        category=RemoteCodeExec,
        vid="KHV029",
    )
    if nodes:
        # str.join requires every item in nodes to already be a string.
        self.evidence = "nodes: {}".format(' '.join(nodes))
    else:
        self.evidence = None
def __init__(self, evidence):
    """Record a "Possible Reset Flood Attack" finding (vid KHV025).

    The finding targets KubernetesCluster under DenialOfService, and the
    caller-supplied ``evidence`` is stored unchanged.
    """
    Vulnerability.__init__(
        self,
        KubernetesCluster,
        name="Possible Reset Flood Attack",
        category=DenialOfService,
        vid="KHV025",
    )
    self.evidence = evidence
def __init__(self, email):
    """Record a "Certificate Includes Email Address" finding.

    The finding targets KubernetesCluster under InformationDisclosure.
    ``email`` is kept on the instance and formatted into the evidence string.
    """
    # NOTE(review): the identifier is passed as khv= here; confirm that the
    # base initialiser accepts that keyword, or the call raises TypeError.
    Vulnerability.__init__(
        self,
        KubernetesCluster,
        "Certificate Includes Email Address",
        category=InformationDisclosure,
        khv="KHV021",
    )
    self.email = email
    # The address is copied into the evidence, so it appears in any report
    # built from this finding.
    self.evidence = "email: {}".format(self.email)
def __init__(self):
    """Record an "Anonymous Authentication" finding on the Kubelet (KHV036).

    The finding is filed under RemoteCodeExec, and no evidence is set here.
    """
    Vulnerability.__init__(self, component=Kubelet, name="Anonymous Authentication", category=RemoteCodeExec, vid="KHV036")
def __init__(self):
    """Record an "Exposed Attaching To Container" Kubelet finding (KHV042).

    The finding is filed under RemoteCodeExec, and no evidence is set here.
    """
    Vulnerability.__init__(self, component=Kubelet, name="Exposed Attaching To Container", category=RemoteCodeExec, vid="KHV042")
def __init__(self):
    """Record an "Exposed Port Forward" finding on the Kubelet (KHV041).

    The finding is filed under RemoteCodeExec, and no evidence is set here.
    """
    Vulnerability.__init__(self, component=Kubelet, name="Exposed Port Forward", category=RemoteCodeExec, vid="KHV041")
def __init__(self, evidence):
    """Record a "Read access to pod's service account token" finding (KHV050).

    The finding targets KubernetesCluster under AccessRisk, and the
    caller-supplied ``evidence`` is stored unchanged.
    """
    Vulnerability.__init__(
        self,
        KubernetesCluster,
        name="Read access to pod's service account token",
        category=AccessRisk,
        vid="KHV050",
    )
    # NOTE(review): evidence presumably contains the token that was read. If
    # so, every report carrying this finding holds a live credential and
    # should be access-controlled or redacted. Confirm with the caller.
    self.evidence = evidence
def __init__(self, binary_version):
    """Record a "Kubectl Vulnerable To CVE-2019-1002101" finding (KHV028).

    The finding targets KubectlClient under RemoteCodeExec.
    ``binary_version`` is kept on the instance and formatted into the
    evidence string.
    """
    Vulnerability.__init__(
        self,
        KubectlClient,
        "Kubectl Vulnerable To CVE-2019-1002101",
        category=RemoteCodeExec,
        vid="KHV028",
    )
    self.binary_version = binary_version
    # The evidence shows which kubectl version triggered the finding.
    self.evidence = "kubectl version: {}".format(self.binary_version)
def __init__(self, kubedns_pod_ip):
    """Record a "Possible DNS Spoof" finding for the cluster (vid KHV030).

    The finding is filed under IdentityTheft. ``kubedns_pod_ip`` is kept on
    the instance and formatted into the evidence string.
    """
    Vulnerability.__init__(
        self,
        KubernetesCluster,
        "Possible DNS Spoof",
        category=IdentityTheft,
        vid="KHV030",
    )
    self.kubedns_pod_ip = kubedns_pod_ip
    self.evidence = "kube-dns at: {}".format(self.kubedns_pod_ip)
def __init__(self):
    """Record a "Proxy Exposed" finding for the cluster (vid KHV049).

    The category passed is ConnectFromProxyServerTechnique, and no evidence
    is set here.
    """
    Vulnerability.__init__(self, KubernetesCluster, "Proxy Exposed", category=ConnectFromProxyServerTechnique, vid="KHV049")
def __init__(self, evidence):
    """Record a "Deleted A Pod" finding for the cluster (AccessRisk).

    No vid is passed, and the caller-supplied ``evidence`` is stored
    unchanged.
    """
    Vulnerability.__init__(self, KubernetesCluster, name="Deleted A Pod", category=AccessRisk)
    # NOTE(review): the name suggests this is raised after a state-changing
    # probe; verify against the caller.
    self.evidence = evidence
def __init__(self, evidence):
    """Record a "Patched a cluster role" finding for the cluster (AccessRisk).

    No vid is passed, and the caller-supplied ``evidence`` is stored
    unchanged.
    """
    Vulnerability.__init__(self, KubernetesCluster, name="Patched a cluster role", category=AccessRisk)
    # NOTE(review): the name suggests this is raised after a state-changing
    # probe; verify against the caller.
    self.evidence = evidence
def __init__(self, evidence):
    """Record a "Created a namespace" finding for the cluster (AccessRisk).

    No vid is passed, and the caller-supplied ``evidence`` is stored
    unchanged.
    """
    Vulnerability.__init__(self, KubernetesCluster, name="Created a namespace", category=AccessRisk)
    # NOTE(review): the name suggests this is raised after a state-changing
    # probe; verify against the caller.
    self.evidence = evidence
def __init__(self):
    """Record an "Exposed Container Logs" finding on the Kubelet (KHV037).

    The finding is filed under InformationDisclosure, and no evidence is set
    here.
    """
    Vulnerability.__init__(self, component=Kubelet, name="Exposed Container Logs", category=InformationDisclosure, vid="KHV037")
def __init__(self, cidr):
    """Record an "Azure Metadata Exposure" finding on Azure (vid KHV003).

    The finding is filed under InformationDisclosure. ``cidr`` is kept on
    the instance and formatted into the evidence string.
    """
    Vulnerability.__init__(
        self,
        Azure,
        "Azure Metadata Exposure",
        category=InformationDisclosure,
        vid="KHV003",
    )
    self.cidr = cidr
    # The evidence is formatted from the argument, not from self.cidr.
    self.evidence = "cidr: {}".format(cidr)
def __init__(self):
    """Record an "Exposed Run Inside Container" Kubelet finding (KHV040).

    The finding is filed under RemoteCodeExec, and no evidence is set here.
    """
    Vulnerability.__init__(self, component=Kubelet, name="Exposed Run Inside Container", category=RemoteCodeExec, vid="KHV040")
def __init__(self, evidence):
    """Record an "Arbitrary Access To Cluster Scoped Resources" finding.

    The finding targets KubernetesCluster under PrivilegeEscalation with vid
    KHV026, and the caller-supplied ``evidence`` is stored unchanged.
    """
    Vulnerability.__init__(
        self,
        KubernetesCluster,
        name="Arbitrary Access To Cluster Scoped Resources",
        category=PrivilegeEscalation,
        vid="KHV026",
    )
    self.evidence = evidence
def __init__(self):
    """Record a "Possible Arp Spoof" finding for the cluster (vid KHV020).

    The finding is filed under IdentityTheft, and no evidence is set here.
    """
    Vulnerability.__init__(self, KubernetesCluster, "Possible Arp Spoof", category=IdentityTheft, vid="KHV020")
def __init__(self, pods):
    """Record an "Exposed Pods" finding on the Kubelet (vid KHV052).

    The finding is filed under InformationDisclosure. ``pods`` is kept on
    the instance, and only its length is written into the evidence string.
    """
    Vulnerability.__init__(
        self,
        component=Kubelet,
        name="Exposed Pods",
        category=InformationDisclosure,
        vid="KHV052",
    )
    self.pods = pods
    # Evidence is set after the base initialiser and carries the count only;
    # the pod data itself stays on self.pods.
    self.evidence = f"count: {len(self.pods)}"
def __init__(self, evidence):
    """Record an "Access to pod's secrets" finding for the cluster.

    The finding is filed under AccessRisk with no vid, and the
    caller-supplied ``evidence`` is stored unchanged.
    """
    Vulnerability.__init__(self, component=KubernetesCluster, name="Access to pod's secrets", category=AccessRisk)
    # NOTE(review): evidence presumably describes or contains the secrets
    # that were reachable. If so, reports carrying this finding should be
    # handled as sensitive. Confirm with the caller.
    self.evidence = evidence
def __init__(self, evidence):
    """Record a "Denial of Service to Kubernetes API Server" finding (KHV023).

    The finding targets KubernetesCluster under DenialOfService, and the
    caller-supplied ``evidence`` is stored unchanged.
    """
    Vulnerability.__init__(
        self,
        KubernetesCluster,
        name="Denial of Service to Kubernetes API Server",
        category=DenialOfService,
        vid="KHV023",
    )
    self.evidence = evidence