Kubernetes Pods - API Discovery & Remote Code Execution

By kannthu

Critical
Vidoc Module
#k8 #unauth #kubernetes #devops
Description

What is "Kubernetes Pods - API Discovery & Remote Code Execution"?

The "Kubernetes Pods - API Discovery & Remote Code Execution" module is designed to detect a vulnerability in the Kubernetes Pods API. It targets Kubernetes and is rated critical severity. The original authors of this module are ilovebinbash, geeknik, and 0xtavian.

Impact

When the service port is available, unauthenticated users can execute commands inside the container through this vulnerability. This can lead to unauthorized access and potential compromise of the Kubernetes environment.

How does the module work?

The module sends HTTP GET requests to the "/pods" and "/api/v1/pods" paths and applies the following matching conditions to the response:

- The response contains the word "apiVersion" in any part of the response
- The response header includes the word "application/json"
- The response status is 200 (OK)

If all the matching conditions are met, the module reports a vulnerability.

Example HTTP request:

GET /pods HTTP/1.1
Host: [target_host]
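
The matching logic described above, applied to a few constructed responses. This is an added example, not the module's own code: the function names and sample responses are assumptions, and the `PodList` check is an added refinement beyond the module's three conditions, used to separate a real pod listing from any other JSON that happens to contain "apiVersion".

```python
import json

def module_matches(status, headers, body):
    """All three module conditions must hold (logical AND)."""
    header_text = "\n".join(f"{k}: {v}" for k, v in headers.items())
    return (
        status == 200
        and "application/json" in header_text
        and "apiVersion" in header_text + "\n" + body
    )

def is_pod_list(body):
    """Added stricter check (assumption): body parses as a Kubernetes PodList."""
    try:
        doc = json.loads(body)
    except ValueError:
        return False
    return (isinstance(doc, dict) and doc.get("kind") == "PodList"
            and isinstance(doc.get("items"), list))

def triage(status, headers, body):
    """Classify one response for a reviewer working through scan results."""
    if not module_matches(status, headers, body):
        return "no-match"
    return "pod-list-exposed" if is_pod_list(body) else "needs-review"

JSON_HDR = {"Content-Type": "application/json"}
# Constructed sample responses, not captured from any real system.
SAMPLES = {
    "open_pods": (200, JSON_HDR, json.dumps({
        "kind": "PodList", "apiVersion": "v1", "metadata": {},
        "items": [{"metadata": {"name": "web-0", "namespace": "default"}}]})),
    "auth_required": (401, {"Content-Type": "text/plain; charset=utf-8"},
                      "Unauthorized"),
    # JSON error body that contains "apiVersion": only the status check excludes it.
    "forbidden_status": (403, JSON_HDR, json.dumps({
        "kind": "Status", "apiVersion": "v1", "status": "Failure", "code": 403})),
    # Unrelated JSON service: satisfies the module's matchers, fails the PodList check.
    "unrelated_json": (200, JSON_HDR, json.dumps({
        "apiVersion": "2.1", "service": "inventory"})),
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(f"{name:17} -> {triage(*resp)}")
```

The `unrelated_json` case shows why a match from the three word and status conditions alone is worth confirming before it is treated as an exposed Pods API.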

For more information, you can refer to the following resources:

- https://github.com/officialhocc/Kubernetes-Kubelet-RCE
- https://blog.binaryedge.io/2018/12/06/kube

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /pods /api/v1/pods
Matching conditions
word: apiVersion and
word: application/json and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability