def __init__(self, pods):
Vulnerability.__init__(self,
Kubelet,
"Exposed Pods",
category=InformationDisclosure)
self.pods = pods
self.evidence = f"count: {len(self.pods)}"
def __init__(self):
Vulnerability.__init__(
self,
KubernetesCluster,
name="CAP_NET_RAW Enabled",
category=AccessRisk,
)
def __init__(self, evidence):
Vulnerability.__init__(self,
KubernetesCluster,
name="Critical Privilege Escalation CVE",
category=PrivilegeEscalation,
vid="KHV022")
self.evidence = evidence
def __init__(self, keys):
Vulnerability.__init__(self,
KubernetesCluster,
name="Etcd Remote Read Access Event",
category=AccessRisk,
vid="KHV032")
self.evidence = keys
def __init__(self, write_res):
Vulnerability.__init__(
self,
KubernetesCluster,
name="Etcd Remote Write Access Event",
category=RemoteCodeExec, vid="KHV031")
self.evidence = write_res
def __init__(self, container):
Vulnerability.__init__(self,
Azure,
"Azure SPN Exposure",
category=IdentityTheft,
vid="KHV004")
self.container = container
def __init__(self, version):
Vulnerability.__init__(self, KubernetesCluster,
name="Etcd Remote version disclosure",
category=InformationDisclosure,
vid="KHV033")
self.evidence = version
def __init__(self, output):
Vulnerability.__init__(self,
KubernetesCluster,
"Root Traversal Read On The Kubelet",
category=PrivilegeEscalation)
self.output = output
self.evidence = "output: {}".format(self.output)
def __init__(self):
Vulnerability.__init__(
self,
KubernetesCluster,
name="CAP_NET_RAW Enabled",
category=ARPPoisoningTechnique,
)
def __init__(self, nodes):
Vulnerability.__init__(self,
KubernetesCluster,
"Dashboard Exposed",
category=RemoteCodeExec,
vid="KHV029")
self.evidence = "nodes: {}".format(' '.join(nodes)) if nodes else None
def __init__(self, evidence):
Vulnerability.__init__(self,
KubernetesCluster,
name="Possible Reset Flood Attack",
category=DenialOfService,
vid="KHV025")
self.evidence = evidence
def __init__(self, email):
Vulnerability.__init__(self, KubernetesCluster,
"Certificate Includes Email Address",
category=InformationDisclosure,
khv="KHV021")
self.email = email
self.evidence = "email: {}".format(self.email)
def __init__(self):
Vulnerability.__init__(
self,
component=Kubelet,
name="Anonymous Authentication",
category=RemoteCodeExec,
vid="KHV036",
)
def __init__(self):
Vulnerability.__init__(
self,
component=Kubelet,
name="Exposed Attaching To Container",
category=RemoteCodeExec,
vid="KHV042",
)
def __init__(self):
Vulnerability.__init__(
self,
component=Kubelet,
name="Exposed Port Forward",
category=RemoteCodeExec,
vid="KHV041",
)
def __init__(self, evidence):
Vulnerability.__init__(
self,
KubernetesCluster,
name="Read access to pod's service account token",
category=AccessRisk,
vid="KHV050")
self.evidence = evidence
def __init__(self, binary_version):
Vulnerability.__init__(self,
KubectlClient,
"Kubectl Vulnerable To CVE-2019-1002101",
category=RemoteCodeExec,
vid="KHV028")
self.binary_version = binary_version
self.evidence = "kubectl version: {}".format(self.binary_version)
def __init__(self, kubedns_pod_ip):
Vulnerability.__init__(self,
KubernetesCluster,
"Possible DNS Spoof",
category=IdentityTheft,
vid="KHV030")
self.kubedns_pod_ip = kubedns_pod_ip
self.evidence = "kube-dns at: {}".format(self.kubedns_pod_ip)
def __init__(self):
Vulnerability.__init__(
self,
KubernetesCluster,
"Proxy Exposed",
category=ConnectFromProxyServerTechnique,
vid="KHV049",
)
def __init__(self, evidence):
Vulnerability.__init__(
self,
KubernetesCluster,
name="Deleted A Pod",
category=AccessRisk,
)
self.evidence = evidence
def __init__(self, evidence):
Vulnerability.__init__(
self,
KubernetesCluster,
name="Patched a cluster role",
category=AccessRisk,
)
self.evidence = evidence
def __init__(self, evidence):
Vulnerability.__init__(
self,
KubernetesCluster,
name="Created a namespace",
category=AccessRisk,
)
self.evidence = evidence
def __init__(self):
Vulnerability.__init__(
self,
component=Kubelet,
name="Exposed Container Logs",
category=InformationDisclosure,
vid="KHV037",
)
def __init__(self, cidr):
Vulnerability.__init__(self,
Azure,
"Azure Metadata Exposure",
category=InformationDisclosure,
vid="KHV003")
self.cidr = cidr
self.evidence = "cidr: {}".format(cidr)
def __init__(self):
Vulnerability.__init__(
self,
component=Kubelet,
name="Exposed Run Inside Container",
category=RemoteCodeExec,
vid="KHV040",
)
def __init__(self, evidence):
Vulnerability.__init__(
self,
KubernetesCluster,
name="Arbitrary Access To Cluster Scoped Resources",
category=PrivilegeEscalation,
vid="KHV026")
self.evidence = evidence
def __init__(self):
Vulnerability.__init__(
self,
KubernetesCluster,
"Possible Arp Spoof",
category=IdentityTheft,
vid="KHV020",
)
def __init__(self, pods):
Vulnerability.__init__(self,
component=Kubelet,
name="Exposed Pods",
category=InformationDisclosure,
vid="KHV052")
self.pods = pods
self.evidence = f"count: {len(self.pods)}"
def __init__(self, evidence):
Vulnerability.__init__(
self,
component=KubernetesCluster,
name="Access to pod's secrets",
category=AccessRisk,
)
self.evidence = evidence
def __init__(self, evidence):
Vulnerability.__init__(
self,
KubernetesCluster,
name="Denial of Service to Kubernetes API Server",
category=DenialOfService,
vid="KHV023")
self.evidence = evidence
