From outside

Kubernetes version disclosure

Link: https://avd.aquasec.com/misconfig/kubernetes/khv002/

The Kubernetes version can be obtained from the Kubernetes API /version endpoint, or from the Kubelet’s /metrics debug endpoint.

Example:

curl -k https://10.0.0.1:6443/version
{
  "major": "1",
  "minor": "18+",
  "gitVersion": "v1.18.8",
  "gitCommit": "27f24d2",
  "gitTreeState": "",
  "buildDate": "2021-08-19T10:00:16Z",
  "goVersion": "go1.13.15",
  "compiler": "gc",
  "platform": "linux/amd64"
}

Access to Kubernetes API

Link: https://avd.aquasec.com/misconfig/kubernetes/khv005/

Exposed sensitive interfaces

Example:

curl -k https://10.0.0.1:10250

Retrieve list of Pods / Exposed Pods

Link: https://avd.aquasec.com/misconfig/kubernetes/khv052/

An attacker could view sensitive information about pods that are bound to a Node using the exposed /pods endpoint.

Example:

curl -k 10.189.34.132:10255/pods | jq .

Cluster Health Disclosure

Link: https://avd.aquasec.com/misconfig/kubernetes/khv043/

The kubelet is leaking its health information, which may contain sensitive information, via the /healthz endpoint.
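
The checks above can be combined into one audit of a node you operate. This is an added example, not part of the original notes: the function names are hypothetical, the ports are the ones used in the examples above, and probing /healthz on the read-only port 10255 is an assumption because the notes do not name a port for it.

```shell
#!/bin/sh
# Audit one of your own nodes for the unauthenticated endpoints listed above.

# Map the HTTP status of a request sent without credentials to a finding.
classify_status() {
  case "$1" in
    200)     echo "EXPOSED" ;;      # answered without credentials
    401|403) echo "PROTECTED" ;;    # authentication or authorization enforced
    000)     echo "UNREACHABLE" ;;  # curl could not connect (closed or filtered)
    *)       echo "REVIEW" ;;       # anything else needs a manual look
  esac
}

# Fetch only the status code; curl prints 000 when the connection fails.
probe() {
  curl -k -s -o /dev/null --max-time 3 -w '%{http_code}' "$1" 2>/dev/null
}

# audit_node HOST: prints one line per check, returns 1 if anything is exposed.
audit_node() {
  host=$1
  rc=0
  while read -r name url; do
    [ -n "$name" ] || continue
    result=$(classify_status "$(probe "$url")")
    printf '%-28s %-11s %s\n' "$name" "$result" "$url"
    if [ "$result" = "EXPOSED" ]; then rc=1; fi
  done <<EOF
api-version-disclosure https://$host:6443/version
kubelet-api-anonymous https://$host:10250/pods
kubelet-readonly-pods http://$host:10255/pods
kubelet-readonly-healthz http://$host:10255/healthz
EOF
  return $rc
}

# Run only when a host is passed on the command line.
if [ "$#" -gt 0 ]; then audit_node "$1"; fi
```

A non-zero exit status means at least one endpoint answered without credentials, which makes the script usable as a scheduled check against each node.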