Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Kube State Metrics Exposure

By kannthu

Low
Vidoc logoVidoc Module
#misconfig#exposure#kube-state-metrics#k8s#kubernetes
Description

What is "Kube State Metrics Exposure?"

The "Kube State Metrics Exposure" module is designed to detect the public instance of Kube-State-Metrics metrics. Kube-State-Metrics is a software that provides access to data about the count, health, and availability of pods, nodes, and other Kubernetes objects through the Kubernetes API server.

This module focuses on identifying potential misconfigurations or exposures related to Kube-State-Metrics. It helps users identify any vulnerabilities or issues that may arise from the public exposure of this software.

This module has a severity level of low, indicating that the potential impact of the detected exposure may be limited.

Author: ja1sh

Impact

If the Kube-State-Metrics metrics are publicly exposed, it can provide valuable information to potential attackers. They can gain insights into the Kubernetes infrastructure, including the number of pods, nodes, and other objects, which can aid in planning and executing targeted attacks.

While the severity level of this module is low, it is still important to address any misconfigurations or exposures to ensure the security and privacy of the Kubernetes environment.

How does the module work?

The "Kube State Metrics Exposure" module works by sending an HTTP GET request to the "/metrics" path of the target. It then applies matching conditions to determine if the response indicates the presence of Kube-State-Metrics and specific metrics, such as "go_goroutines".

Example HTTP request:

GET /metrics

The module uses two matching conditions:

- The first condition checks if the response body contains the words "kube-state-metrics" and "go_goroutines". - The second condition verifies that the response status is 200 (OK).

Both conditions must be met for the module to consider the target as potentially exposing Kube-State-Metrics metrics.

It is important to note that this module does not perform any active exploitation or modification of the target system. It solely focuses on detecting potential misconfigurations or exposures related to Kube-State-Metrics.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/metrics
Matching conditions
word: kube-state-metrics, go_goroutinesand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability