KubeCost - Unauthenticated Dashboard Exposure

What is the "KubeCost - Unauthenticated Dashboard Exposure?" module?

The "KubeCost - Unauthenticated Dashboard Exposure" module is designed to detect a potential misconfiguration in the KubeCost software. KubeCost is a tool used for monitoring and managing costs in Kubernetes clusters. This module focuses on identifying instances where the KubeCost dashboard is exposed without authentication, which can pose a security risk.

This module has a medium severity level, indicating that while it may not have immediate critical consequences, it still requires attention and remediation to ensure the security of the cluster.

This module was authored by pussycat0x.

Impact

If the KubeCost dashboard is exposed without authentication, it means that anyone with access to the dashboard URL can view and potentially manipulate sensitive information related to cost management in the Kubernetes cluster. This can lead to unauthorized access, data breaches, and potential financial implications.

How does the module work?

The module works by sending an HTTP GET request to the "/overview.html" path of the target. It then applies a series of matching conditions to determine if the KubeCost dashboard is exposed without authentication.

Here is an example of the HTTP request:

GET /overview.html

The module's matching conditions include:

- The presence of the "<title>Cluster Overview | Kubecost</title>" HTML tag, indicating that the response contains the KubeCost dashboard. - The presence of the "text/html" header, confirming that the response is in HTML format. - A response status code of 200, indicating a successful request.

If all of these conditions are met, the module will flag the potential unauthenticated dashboard exposure.

For more information, you can refer to the reference provided.

Metadata:

- Max request: 1 - Verified: true - Shodan query: title:kubecost