From 613d3a09d99feac77d2d010e1b5dd60551adf0a9 Mon Sep 17 00:00:00 2001
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com>
Date: Thu, 29 Sep 2022 22:25:00 +0530
Subject: [PATCH 1/5] Add files via upload
---
 misconfiguration/kubecost-detect.yaml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 misconfiguration/kubecost-detect.yaml
diff --git a/misconfiguration/kubecost-detect.yaml b/misconfiguration/kubecost-detect.yaml
new file mode 100644
index 0000000000..84681a94c7
--- /dev/null
+++ b/misconfiguration/kubecost-detect.yaml
@@ -0,0 +1,23 @@
+id: kubecost-detect
+info:
+ name: unauthenticate kubecost detect
+ author: pussycat0x
+ severity: low
+ metadata:
+ verified: true
+ shodan-query: title:kubecost
+ tags: tech,exposed,
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}'
+ - '{{BaseURL}}/overview.html'
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - 'Cluster Overview | Kubecost'
+ - ''
+ - type: status
+ status:
+ - 200
\ No newline at end of file
From 89dfd8701245669b9fa6302992c0327f9736da01 Mon Sep 17 00:00:00 2001
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com>
Date: Thu, 29 Sep 2022 22:26:46 +0530
Subject: [PATCH 2/5] Update kubecost-detect.yaml
---
 misconfiguration/kubecost-detect.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/misconfiguration/kubecost-detect.yaml b/misconfiguration/kubecost-detect.yaml
index 84681a94c7..c2e8fc9fc4 100644
--- a/misconfiguration/kubecost-detect.yaml
+++ b/misconfiguration/kubecost-detect.yaml
@@ -1,6 +1,6 @@
 id: kubecost-detect
 info:
- name: unauthenticate kubecost detect
+ name: unauthenticated kubecost detect
 author: pussycat0x
 severity: low
 metadata:
@@ -20,4 +20,4 @@ requests:
 - ''
 - type: status
 status:
- - 200
\ No newline at end of file
+ - 200
From 0aa17af07a8daba0d5323e3662fecdcb8e0fb0ee Mon Sep 17 00:00:00 2001
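Review bot: The `info` block created in PATCH 1/5 has no `description`, and none is added by the later patches on this page, so a result from this template does not tell the operator what was observed or what to do about it. I would add `description: Kubecost overview page is reachable without authentication.` and a `remediation` entry advising that the dashboard be placed behind an authenticating proxy or ingress rather than exposed directly.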
From: Dhiyaneshwaran
Date: Thu, 29 Sep 2022 23:10:48 +0530
Subject: [PATCH 3/5] Update and rename kubecost-detect.yaml to unauth-kubecost.yaml
---
 ...becost-detect.yaml => unauth-kubecost.yaml} | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
 rename misconfiguration/{kubecost-detect.yaml => unauth-kubecost.yaml} (58%)
diff --git a/misconfiguration/kubecost-detect.yaml b/misconfiguration/unauth-kubecost.yaml
similarity index 58%
rename from misconfiguration/kubecost-detect.yaml
rename to misconfiguration/unauth-kubecost.yaml
index c2e8fc9fc4..a78e783b18 100644
--- a/misconfiguration/kubecost-detect.yaml
+++ b/misconfiguration/unauth-kubecost.yaml
@@ -1,23 +1,29 @@
-id: kubecost-detect
+id: unauth-kubecost
 info:
- name: unauthenticated kubecost detect
+ name: Unauthenticated KubeCost Dashboard Exposure
 author: pussycat0x
- severity: low
+ severity: medium
 metadata:
 verified: true
 shodan-query: title:kubecost
- tags: tech,exposed,
+ tags: misconfig,exposure,unauth,kubecost
+
 requests:
 - method: GET
 path:
- - '{{BaseURL}}'
 - '{{BaseURL}}/overview.html'
+
 matchers-condition: and
 matchers:
 - type: word
 words:
 - 'Cluster Overview | Kubecost'
- - ''
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
 - type: status
 status:
 - 200
From be1b2545cc7ea70b48b41015c3edcd5f881c2555 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Thu, 29 Sep 2022 23:11:37 +0530
Subject: [PATCH 4/5] Update unauth-kubecost.yaml
---
 misconfiguration/unauth-kubecost.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/misconfiguration/unauth-kubecost.yaml b/misconfiguration/unauth-kubecost.yaml
index a78e783b18..c7ee64571b 100644
--- a/misconfiguration/unauth-kubecost.yaml
+++ b/misconfiguration/unauth-kubecost.yaml
@@ -3,6 +3,7 @@ info:
 name: Unauthenticated KubeCost Dashboard Exposure
 author: pussycat0x
 severity: medium
+ reference: https://www.facebook.com/photo?fbid=470414125129112&set=pcb.470413798462478
 metadata:
 verified: true
 shodan-query: title:kubecost
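Review bot: The matchers in `unauth-kubecost.yaml` (PATCH 3/5) do not demonstrate unauthenticated access to cost data. They only establish that `{{BaseURL}}/overview.html` answers 200 with an HTML body containing `Cluster Overview | Kubecost`. If that page is a static front-end shell (likely, though not visible on this page), a deployment that authenticates its data API would still be reported at `severity: medium`. Either keep the finding at a detection-level severity, or add a matcher on a response that actually carries cluster or cost data, so a hit means the data was readable without credentials.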
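Review bot: The `reference` added in PATCH 4/5 is a social-media photo permalink, which may require a login or disappear and does not describe the misconfiguration for whoever triages the finding. A vendor document on securing the Kubecost UI would serve a responder better, written in the list form nuclei templates normally use: `reference:` followed by `- <vendor-documentation-url>` (placeholder, not a real URL).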
From 1f4b5fe377e64db22e1cd7f94ee58c085d1e8cef Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Sat, 1 Oct 2022 14:04:08 +0530
Subject: [PATCH 5/5] Update unauth-kubecost.yaml
---
 misconfiguration/unauth-kubecost.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/misconfiguration/unauth-kubecost.yaml b/misconfiguration/unauth-kubecost.yaml
index c7ee64571b..e4051ce911 100644
--- a/misconfiguration/unauth-kubecost.yaml
+++ b/misconfiguration/unauth-kubecost.yaml
@@ -1,6 +1,6 @@
 id: unauth-kubecost
 info:
- name: Unauthenticated KubeCost Dashboard Exposure
+ name: KubeCost - Unauthenticated Dashboard Exposure
 author: pussycat0x
 severity: medium
 reference: https://www.facebook.com/photo?fbid=470414125129112&set=pcb.470413798462478