37 lines
1.0 KiB
YAML
37 lines
1.0 KiB
YAML
id: kubernetes-pods-api
|
|
|
|
info:
|
|
name: Kubernetes Pods - API Discovery & Remote Code Execution
|
|
author: ilovebinbash,geeknik,0xtavian
|
|
severity: critical
|
|
description: A Kubernetes Pods API was discovered. When the service port is available, unauthenticated users can execute commands inside the container.
|
|
reference:
|
|
- https://github.com/officialhocc/Kubernetes-Kubelet-RCE
|
|
- https://blog.binaryedge.io/2018/12/06/kubernetes-being-hijacked-worldwide/
|
|
metadata:
|
|
max-request: 2
|
|
tags: k8,unauth,kubernetes,devops,misconfig
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- '{{BaseURL}}/pods'
|
|
- '{{BaseURL}}/api/v1/pods'
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "apiVersion"
|
|
|
|
- type: word
|
|
words:
|
|
- "application/json"
|
|
part: header
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
# digest: 490a004630440220143f86f473fcb74736d85435c11b69e2645ba37764c811f4e110e562a564f86f02203653a4866258336dcab5cc24bd804ff82ececf124d7ca7f8d9b4685e6bf71b1b:922c64590222798bb761d5b6d8e72950
|