daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/cloud/azure/aks/azure-aks-kubernetes-versio...

56 lines
2.0 KiB
YAML
Raw Permalink Blame History

id: azure-aks-kubernetes-version-outdated
info:
name: Azure AKS Kubernetes Version Not Latest
author: princechaddha
severity: low
description: |
Ensure that your Azure Kubernetes Service (AKS) clusters are using the latest available version of Kubernetes platform in order to receive new or enhanced features and the most recent security fixes. The Kubernetes version upgrade becomes fully available only after it is approved by Microsoft Azure.
impact: |
Using an outdated version of Kubernetes can prevent you from obtaining the latest features and security patches, potentially exposing your AKS clusters to vulnerabilities.
remediation: |
Upgrade your AKS clusters to the latest available Kubernetes version approved by Microsoft Azure to ensure enhanced features and security.
reference:
- https://docs.microsoft.com/en-us/azure/aks/kubernetes-service
tags: cloud,devops,azure,microsoft,kubernetes,azure-cloud-config
flow: |
code(1);
for (let ClusterData of iterate(template.clusterList)) {
ClusterData = JSON.parse(ClusterData);
set("name", ClusterData.Name);
set("resourceGroup", ClusterData.ResourceGroup);
code(2);
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
az aks list --query '[*].{"Name":name,"ResourceGroup":resourceGroup}'
extractors:
- type: json
name: clusterList
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
az aks get-upgrades --name "$name" --resource-group "$resourceGroup" --output json
matchers-condition: and
matchers:
- type: word
words:
- '"upgrades": ['
extractors:
- type: dsl
dsl:
- '"$name in $resourceGroup is not using the latest Kubernetes version"'
# digest: 4a0a00473045022100b2e7b3d51386933b65480f5d614531751137fa6a20e0dcea00dc8fa06a8079c4022025f9c8b9538dda2ce455ec2139422cabc6dbb109c7b01ee7be99e753fe0c4810:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink