How to get the info that kube-hunter reports for open /containerLogs endpoint
Vulnerabilities
+---------------+-------------+------------------+----------------------+----------------+
| LOCATION CATEGORY | VULNERABILITY | DESCRIPTION | EVIDENCE |
+---------------+-------------+------------------+----------------------+----------------+
+----------------+------------+------------------+----------------------+----------------+
| 1.2.3.4:10250 | Information | Exposed Container| Output logs from a | |
| | Disclosure | Logs | running container | |
| | | | are using the | |
| | | | exposed | |
| | | | /containerLogs | |
| | | | endpoint | |
+---------------+-------------+------------------+----------------------+----------------+
First step, grab the output from /runningpods/ example below:
You'll need the namespace, pod name and container name.
Thus given the below runningpods output:
{"metadata":{"name":"monitoring-influxdb-grafana-v4-6679c46745-zhvjw","namespace":"kube-system","uid":"0d22cdad-06e5-11e9-a7f3-6ac885fbc092","creationTimestamp":null},"spec":{"containers":[{"name":"grafana","image":"sha256:8cb3de219af7bdf0b3ae66439aecccf94cebabb230171fa4b24d66d4a786f4f7","resources":{}},{"name":"influxdb","image":"sha256:577260d221dbb1be2d83447402d0d7c5e15501a89b0e2cc1961f0b24ed56c77c","resources":{}}]},
turns into:
https://1.2.3.4:10250/containerLogs/kube-system/monitoring-influxdb-grafana-v4-6679c46745-zhvjw/grafana
and
https://1.2.3.4:10250/containerLogs/kube-system/monitoring-influxdb-grafana-v4-6679c46745-zhvjw/influxdb
No comments:
Post a Comment