id: kubernetes-pods-api info: name: Kubernetes Pods - API Discovery & Remote Code Execution author: ilovebinbash,geeknik,0xtavian severity: critical description: A Kubernetes Pods API was discovered. When the service port is available, unauthenticated users can execute commands inside the container. reference: - https://github.com/officialhocc/Kubernetes-Kubelet-RCE - https://blog.binaryedge.io/2018/12/06/kubernetes-being-hijacked-worldwide/ tags: k8,unauth,kubernetes,devops,misconfig metadata: max-request: 2 http: - method: GET path: - '{{BaseURL}}/pods' - '{{BaseURL}}/api/v1/pods' matchers-condition: and matchers: - type: word words: - "apiVersion" - type: word words: - "application/json" part: header - type: status status: - 200