
H3-2022-0082

Exposed Kubernetes Version

Category: SECURITY_MISCONFIGURATION
Base Score: 2.0

Description

A misconfiguration in your Kubernetes setup has left the Kubernetes version publicly accessible via the API server's /version endpoint. An attacker could exploit this misconfiguration by querying the endpoint to discover the specific version of Kubernetes you are running, and then targeting your environment with known exploits or vulnerabilities specific to that version.
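To find out which RBAC grants make /version readable without credentials, the following added example (not part of the original advisory) lists the ClusterRoleBindings that let anonymous callers GET that path. It assumes the exposure comes from RBAC bindings for the unauthenticated identities; the sample data is constructed, and only `system:public-info-viewer` is a Kubernetes default name, the rest being hypothetical.

```python
# Identities the API server assigns to a request that carries no credentials.
ANON = {("Group", "system:unauthenticated"), ("User", "system:anonymous")}

def url_matches(pattern, path):
    # RBAC nonResourceURLs match exactly, or by prefix when the pattern ends in "*".
    return path.startswith(pattern[:-1]) if pattern.endswith("*") else pattern == path

def role_allows_get(role, path):
    for rule in role.get("rules") or []:
        verbs = set(rule.get("verbs") or [])
        urls = rule.get("nonResourceURLs") or []
        if verbs & {"get", "*"} and any(url_matches(u, path) for u in urls):
            return True
    return False

def anonymous_grants(cluster_roles, bindings, path="/version"):
    """Names of ClusterRoleBindings that let unauthenticated callers GET `path`."""
    roles = {r["metadata"]["name"]: r for r in cluster_roles}
    hits = []
    for b in bindings:
        role = roles.get(b["roleRef"]["name"])
        subjects = {(s["kind"], s["name"]) for s in b.get("subjects") or []}
        if role and subjects & ANON and role_allows_get(role, path):
            hits.append(b["metadata"]["name"])
    return sorted(hits)

def _role(name, urls, verbs=("get",)):
    return {"metadata": {"name": name},
            "rules": [{"nonResourceURLs": list(urls), "verbs": list(verbs)}]}

def _binding(name, role, *subjects):
    return {"metadata": {"name": name}, "roleRef": {"kind": "ClusterRole", "name": role},
            "subjects": [{"kind": k, "name": n} for k, n in subjects]}

# Constructed sample shaped like the items of `kubectl get clusterroles -o json`
# and `kubectl get clusterrolebindings -o json`. Hypothetical names except the default role.
ROLES = [
    _role("system:public-info-viewer", ["/healthz", "/livez", "/readyz", "/version", "/version/"]),
    _role("metrics-reader", ["/metrics"]),
    _role("debug-all", ["*"], verbs=["*"]),
]
BINDINGS = [
    _binding("system:public-info-viewer", "system:public-info-viewer",
             ("Group", "system:authenticated"), ("Group", "system:unauthenticated")),
    _binding("metrics-anon", "metrics-reader", ("Group", "system:unauthenticated")),
    _binding("debug-anon", "debug-all", ("User", "system:anonymous")),
    _binding("ops-info", "system:public-info-viewer", ("Group", "ops")),
]

if __name__ == "__main__":
    print(anonymous_grants(ROLES, BINDINGS))
```

Each binding it returns is a candidate for removing the unauthenticated subject; these bindings only take effect when the API server accepts anonymous requests.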

Impact

By exploiting this misconfiguration, an attacker could gain insights into potential weaknesses in your Kubernetes deployment, making it easier to design and execute targeted attacks against your infrastructure.
