def __init__(self, pods):
Vulnerability.__init__(self,
component=Kubelet,
name="Exposed Pods",
category=AccessKubeletAPITechnique,
vid="KHV052")
self.pods = pods
self.evidence = f"count: {len(self.pods)}"
def __init__(self):
Vulnerability.__init__(
self,
component=Kubelet,
name="Exposed Port Forward",
category=RemoteCodeExec,
vid="KHV041",
)
def __init__(self):
Vulnerability.__init__(
self,
component=Kubelet,
name="Exposed System Logs",
category=InformationDisclosure,
vid="KHV045",
)
def __init__(self, kubedns_pod_ip):
Vulnerability.__init__(self,
KubernetesCluster,
"Possible DNS Spoof",
category=IdentityTheft,
vid="KHV030")
self.kubedns_pod_ip = kubedns_pod_ip
self.evidence = "kube-dns at: {}".format(self.kubedns_pod_ip)
def __init__(self):
Vulnerability.__init__(
self,
KubernetesCluster,
"Proxy Exposed",
category=ConnectFromProxyServerTechnique,
vid="KHV049",
)
def __init__(self, evidence):
Vulnerability.__init__(
self,
KubernetesCluster,
name="Created a namespace",
category=AccessRisk,
)
self.evidence = evidence
def __init__(self, evidence):
Vulnerability.__init__(
self,
KubernetesCluster,
name="Deleted A Pod",
category=AccessRisk,
)
self.evidence = evidence
def __init__(self, version):
Vulnerability.__init__(self,
KubernetesCluster,
name="Etcd Remote version disclosure",
category=InformationDisclosure,
vid="KHV033")
self.evidence = version
def __init__(self, version):
Vulnerability.__init__(
self,
KubernetesCluster,
name="Etcd is accessible using insecure connection (HTTP)",
category=UnauthenticatedAccess,
vid="KHV034")
self.evidence = version
def __init__(self, evidence):
Vulnerability.__init__(
self,
component=KubernetesCluster,
name="Access to pod's secrets",
category=AccessContainerServiceAccountTechnique,
)
self.evidence = evidence
def __init__(self):
Vulnerability.__init__(
self,
KubernetesCluster,
"Possible Arp Spoof",
category=ARPPoisoningTechnique,
vid="KHV020",
)
def __init__(self):
Vulnerability.__init__(
self,
component=Kubelet,
name="Exposed Exec On Container",
category=ExecIntoContainerTechnique,
vid="KHV039",
)
def __init__(self):
Vulnerability.__init__(
self,
component=Kubelet,
name="Exposed Container Logs",
category=AccessKubeletAPITechnique,
vid="KHV037",
)
def __init__(self):
Vulnerability.__init__(
self,
component=Kubelet,
name="Anonymous Authentication",
category=ExposedSensitiveInterfacesTechnique,
vid="KHV036",
)
def __init__(self, evidence):
Vulnerability.__init__(
self,
KubernetesCluster,
name="Arbitrary Access To Cluster Scoped Resources",
category=PrivilegeEscalation,
vid="KHV026")
self.evidence = evidence
def __init__(self, status):
Vulnerability.__init__(self,
Kubelet,
"Cluster Health Disclosure",
category=InformationDisclosure,
vid="KHV043")
self.status = status
self.evidence = f"status: {self.status}"
def __init__(self, binary_version):
Vulnerability.__init__(self,
KubectlClient,
"Kubectl Vulnerable To CVE-2019-1002101",
category=RemoteCodeExec,
vid="KHV028")
self.binary_version = binary_version
self.evidence = "kubectl version: {}".format(self.binary_version)
def __init__(self, cmdline):
Vulnerability.__init__(self,
Kubelet,
"Exposed Kubelet Cmdline",
category=InformationDisclosure,
vid="KHV046")
self.cmdline = cmdline
self.evidence = f"cmdline: {self.cmdline}"
def __init__(self, evidence):
Vulnerability.__init__(
self,
KubernetesCluster,
name="Patched a cluster role",
category=AccessRisk,
)
self.evidence = evidence
def __init__(self, count):
Vulnerability.__init__(self,
Kubelet,
"Exposed Running Pods",
category=InformationDisclosure,
vid="KHV038")
self.count = count
self.evidence = "{} running pods".format(self.count)
def __init__(self, evidence):
Vulnerability.__init__(
self,
component=KubernetesCluster,
name="Access to pod's secrets",
category=AccessRisk,
)
self.evidence = evidence
def __init__(self, cidr):
Vulnerability.__init__(self,
Azure,
"Azure Metadata Exposure",
category=InformationDisclosure,
vid="KHV003")
self.cidr = cidr
self.evidence = "cidr: {}".format(cidr)
def __init__(self):
Vulnerability.__init__(
self,
KubernetesCluster,
"Possible Arp Spoof",
category=IdentityTheft,
vid="KHV020",
)
def __init__(self):
Vulnerability.__init__(
self,
component=Kubelet,
name="Anonymous Authentication",
category=RemoteCodeExec,
vid="KHV036",
)
def __init__(self, keys):
Vulnerability.__init__(
self,
KubernetesCluster,
name="Etcd Remote Read Access Event",
category=AccessRisk,
vid="KHV032")
self.evidence = keys
def __init__(self):
Vulnerability.__init__(
self,
component=Kubelet,
name="Exposed Run Inside Container",
category=RemoteCodeExec,
vid="KHV040",
)
def __init__(self):
Vulnerability.__init__(
self,
component=Kubelet,
name="Exposed Attaching To Container",
category=RemoteCodeExec,
vid="KHV042",
)
def __init__(self, evidence):
Vulnerability.__init__(
self,
KubernetesCluster,
name="Denial of Service to Kubernetes API Server",
category=DenialOfService,
vid="KHV023")
self.evidence = evidence
def __init__(self, pods):
Vulnerability.__init__(self,
component=Kubelet,
name="Exposed Pods",
category=InformationDisclosure,
vid="KHV052")
self.pods = pods
self.evidence = f"count: {len(self.pods)}"
def __init__(self):
Vulnerability.__init__(
self,
component=Kubelet,
name="Exposed Port Forward",
category=GeneralDefenseEvasionTechnique,
vid="KHV041",
)
