Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Kubernetes: Kubelet API containerLogs endpoint

published on 2019-01-11 14:00:00 UTC by Unknown
Content:

How to get the info that kube-hunter reports for open /containerLogs endpoint



Vulnerabilities
+---------------+-------------+------------------+----------------------+----------------+
| LOCATION       CATEGORY     | VULNERABILITY    | DESCRIPTION          | EVIDENCE       |
+---------------+-------------+------------------+----------------------+----------------+
+----------------+------------+------------------+----------------------+----------------+
| 1.2.3.4:10250 | Information | Exposed Container| Output logs from a   |                |
|               | Disclosure  | Logs             | running container    |                |
|               |             |                  | are using the        |                |
|               |             |                  | exposed              |                |
|               |             |                  | /containerLogs       |                |
|               |             |                  | endpoint             |                |
+---------------+-------------+------------------+----------------------+----------------+

First step, grab the output from /runningpods/ example below:



You'll need the namespace, pod name and container name.

Thus given the below runningpods output:


{"metadata":{"name":"monitoring-influxdb-grafana-v4-6679c46745-zhvjw","namespace":"kube-system","uid":"0d22cdad-06e5-11e9-a7f3-6ac885fbc092","creationTimestamp":null},"spec":{"containers":[{"name":"grafana","image":"sha256:8cb3de219af7bdf0b3ae66439aecccf94cebabb230171fa4b24d66d4a786f4f7","resources":{}},{"name":"influxdb","image":"sha256:577260d221dbb1be2d83447402d0d7c5e15501a89b0e2cc1961f0b24ed56c77c","resources":{}}]},


turns into:


https://1.2.3.4:10250/containerLogs/kube-system/monitoring-influxdb-grafana-v4-6679c46745-zhvjw/grafana



and

https://1.2.3.4:10250/containerLogs/kube-system/monitoring-influxdb-grafana-v4-6679c46745-zhvjw/influxdb



Article: Kubernetes: Kubelet API containerLogs endpoint - published almost 6 years ago.

https://blog.carnal0wnage.com/2019/01/kubernetes-kubelet-api-containerlogs.html   
Published: 2019 01 11 14:00:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Views: 2

Custom HTML Block

Click to Open Code Editor