Automate Recon and scanning process with Vidoc. All security teams in one place
The "Kube State Metrics Exposure" module is designed to detect publicly reachable Kube-State-Metrics endpoints. Kube-State-Metrics is a service that exposes metrics about the count, health, and availability of pods, nodes, and other Kubernetes objects, derived from data it reads through the Kubernetes API server.
This module focuses on identifying potential misconfigurations or exposures related to Kube-State-Metrics. It helps users identify any vulnerabilities or issues that may arise from the public exposure of this software.
This module has a severity level of low, indicating that the potential impact of the detected exposure may be limited.
If the Kube-State-Metrics metrics are publicly exposed, it can provide valuable information to potential attackers. They can gain insights into the Kubernetes infrastructure, including the number of pods, nodes, and other objects, which can aid in planning and executing targeted attacks.
While the severity level of this module is low, it is still important to address any misconfigurations or exposures to ensure the security and privacy of the Kubernetes environment.
The "Kube State Metrics Exposure" module works by sending an HTTP GET request to the "/metrics" path of the target. It then applies matching conditions to determine if the response indicates the presence of Kube-State-Metrics and specific metrics, such as "go_goroutines".
Example HTTP request:
The module uses two matching conditions:
- The first condition checks if the response body contains the words "kube-state-metrics" and "go_goroutines".
- The second condition verifies that the response status is 200 (OK).
Both conditions must be met for the module to consider the target as potentially exposing Kube-State-Metrics metrics.
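As an added example (not Vidoc's own module code), the Python below re-implements the two matching conditions offline against constructed /metrics response bodies, and adds a triage helper that lists which kube_ metric families an exposed endpoint reveals; the sample bodies, hostnames and version strings are constructed for illustration.

```python
"""Offline re-implementation of the module's match logic (example code, not Vidoc's).

Both conditions must hold: HTTP status 200 and a body containing both the
string "kube-state-metrics" and the Go runtime metric name "go_goroutines".
"""
import re

def matches_kube_state_metrics(status: int, body: str) -> bool:
    """Return True only when both of the module's conditions are satisfied."""
    has_words = "kube-state-metrics" in body and "go_goroutines" in body
    return status == 200 and has_words

# A metric sample line starts with the metric name, followed by '{' (labels) or
# whitespace (value). HELP/TYPE comment lines start with '#' and are skipped.
KUBE_METRIC_RE = re.compile(r"^(kube_[a-z_]+)(?:\{|\s)", re.MULTILINE)

def exposed_kube_metric_families(body: str) -> list[str]:
    """Sorted, de-duplicated kube_* metric families found in a /metrics body (for triage)."""
    return sorted(set(KUBE_METRIC_RE.findall(body)))

# Constructed sample: what a publicly exposed kube-state-metrics /metrics page looks like.
KSM_BODY = """# HELP go_goroutines Number of goroutines that currently exist.
# TYPE go_goroutines gauge
go_goroutines 42
# HELP kube_state_metrics_build_info Build information about the kube-state-metrics binary.
# TYPE kube_state_metrics_build_info gauge
kube_state_metrics_build_info{branch="main",version="v0.0.0-example"} 1
# HELP kube_pod_info Information about pod.
# TYPE kube_pod_info gauge
kube_pod_info{namespace="kube-system",pod="coredns-example",node="node-1"} 1
kube_pod_info{namespace="default",pod="web-0",node="node-2"} 1
# HELP kube_node_info Information about a cluster node.
# TYPE kube_node_info gauge
kube_node_info{node="node-1"} 1
"""

# Constructed sample: an unrelated Go service. It also exports go_goroutines, so
# the "go_goroutines" word alone would be a false positive; the module avoids
# this by additionally requiring "kube-state-metrics" in the body.
GO_ONLY_BODY = """# HELP go_goroutines Number of goroutines that currently exist.
# TYPE go_goroutines gauge
go_goroutines 7
process_cpu_seconds_total 1.5
"""

if __name__ == "__main__":
    print("exposed:", matches_kube_state_metrics(200, KSM_BODY))      # True
    print("generic Go exporter:", matches_kube_state_metrics(200, GO_ONLY_BODY))  # False
    print("families:", exposed_kube_metric_families(KSM_BODY))
```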
It is important to note that this module does not perform any active exploitation or modification of the target system. It solely focuses on detecting potential misconfigurations or exposures related to Kube-State-Metrics.