Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Kubernetes Version Exposure" module is designed to detect exposed Kubernetes API servers that return version information without authentication. It targets the Kubernetes software, which is a popular container orchestration platform used in DevOps and tech environments. This module has an informative severity level, meaning it provides valuable information but does not indicate a vulnerability or misconfiguration.
This module was authored by raesene and idealphase.
This module does not have a direct impact on the target system. Instead, it provides information about the version of the Kubernetes API server, which can be useful for understanding the environment and potential vulnerabilities. It extracts the default patch version for Google Kubernetes Engine (GKE) and Amazon Elastic Kubernetes Service (EKS).
The "Kubernetes Version Exposure" module works by sending an HTTP GET request to the "/version" path of the target Kubernetes API server. It then applies matching conditions to the response to identify specific keywords, such as "gitVersion," "goVersion," and "platform." If all the specified keywords are found in the response, the module considers the version information exposed.
Here is an example of the HTTP request sent by the module:
GET /version
The matching conditions used in this module are:
- Keywords: "gitVersion," "goVersion," "platform" - Matching condition: All keywords must be present in the responseWhen the module detects the exposed version information, it reports it as an informative finding.
For more information, you can refer to the Google Cloud documentation.