K8s is a sieve: Kubernetes, kube, script kiddies
blog.aquasec.com
Most clusters were tied to small- to medium-sized organizations, but a notable subset was connected to large conglomerates and Fortune 500 companies, Aqua Security said. The exposures were the result of two misconfigurations: one that allows anonymous access with privileges, and another that exposes Kubernetes clusters to the internet.
Over a three-month period, the researchers identified 350+ API servers that could be exploited by attackers, they wrote. Upon analyzing the newly discovered hosts, the team found that 72% had ports 443 and 6443 exposed (the default HTTPS ports). They also found that 19% of the hosts used HTTP ports such as 8001 and 8080, while the rest used less common ports (e.g., 9999).
The second issue is a misconfiguration of `kubectl proxy`: operators run it with flags that, without realizing it, expose the Kubernetes cluster to the internet, the researchers said. Impacted hosts included organizations across a variety of sectors such as financial services, aerospace, automotive, industrial, and security.
"When you run the same command with the following flags `--address=0.0.0.0 --accept-hosts='.*'`, the proxy on your workstation will now listen and forward authorized and authenticated requests to the API server from any host that has HTTP access to the workstation. Mind that the privileges are the same privileges that the user who ran the `kubectl proxy` command has."
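The two flags quoted above are easy to spot in a process listing or a shell history once you know what to look for. The following is an added example (not from the Aqua Security post or from kubectl itself) that audits a `kubectl proxy` command line and classifies how far the proxy is reachable: whether it binds a non-loopback interface (`--address`) and whether its host filter (`--accept-hosts`, a comma-separated list of regexes that kubectl matches unanchored against the request's Host header) admits non-local names. The defaults baked in are the documented `kubectl proxy` defaults (`127.0.0.1` and `^localhost$,^127\.0\.0\.1$,^\[::1\]$`); the probe hostnames and the sample command lines are constructed for the demo.

```python
import ipaddress
import re
import shlex

# Documented defaults of `kubectl proxy` (see `kubectl proxy --help`).
DEFAULT_ADDRESS = "127.0.0.1"
DEFAULT_ACCEPT_HOSTS = r"^localhost$,^127\.0\.0\.1$,^\[::1\]$"

# Constructed, non-local Host values used to probe the accept-hosts
# filter. They are sample names for the demo, not real systems.
PROBE_HOSTS = ("10.0.0.5", "build-agent.example.internal")


def _flag_value(args, name, default):
    """Return the value of `--name=VALUE` or `--name VALUE`; the last
    occurrence wins, mirroring how repeated CLI flags usually behave."""
    value = default
    i = 0
    while i < len(args):
        arg = args[i]
        if arg == name and i + 1 < len(args):
            value = args[i + 1]
            i += 2
            continue
        if arg.startswith(name + "="):
            value = arg[len(name) + 1:]
        i += 1
    return value


def _is_loopback(address):
    """True for 127.0.0.0/8, ::1 (with or without brackets) and 'localhost'."""
    if address == "localhost":
        return True
    try:
        return ipaddress.ip_address(address.strip("[]")).is_loopback
    except ValueError:
        return False


def _accepts_non_local_host(accept_hosts):
    """True if any of the comma-separated regexes admits a probe hostname.
    kubectl applies each regex with an unanchored search, so '.*' or an
    unanchored fragment lets any Host value through."""
    patterns = [re.compile(p) for p in accept_hosts.split(",") if p]
    return any(p.search(host) for p in patterns for host in PROBE_HOSTS)


def audit_kubectl_proxy(cmdline):
    """Classify a `kubectl proxy` command line.

    risk is one of:
      'local'                - loopback bind; only the workstation can reach it
      'listening-externally' - non-loopback bind, but the host filter still
                               rejects non-local Host values
      'exposed'              - non-loopback bind and a host filter that admits
                               any Host (the pattern described by Aqua)
    """
    args = shlex.split(cmdline)
    address = _flag_value(args, "--address", DEFAULT_ADDRESS)
    accept_hosts = _flag_value(args, "--accept-hosts", DEFAULT_ACCEPT_HOSTS)

    binds_non_loopback = not _is_loopback(address)
    accepts_any_host = _accepts_non_local_host(accept_hosts)

    if binds_non_loopback and accepts_any_host:
        risk = "exposed"
    elif binds_non_loopback:
        risk = "listening-externally"
    else:
        risk = "local"

    return {
        "address": address,
        "accept_hosts": accept_hosts,
        "binds_non_loopback": binds_non_loopback,
        "accepts_any_host": accepts_any_host,
        "risk": risk,
    }


if __name__ == "__main__":
    # Constructed command lines: the safe default next to the exposed variant.
    for cmd in (
        "kubectl proxy",
        "kubectl proxy --address=0.0.0.0",
        "kubectl proxy --address=0.0.0.0 --accept-hosts='.*'",
    ):
        print(f"{audit_kubectl_proxy(cmd)['risk']:22s} {cmd}")
```

Run it over the output of `ps -eo args` (or a shell-history export) filtered for `kubectl proxy` to find workstations where the proxy has been opened to the network; anything that comes back `exposed` carries exactly the privileges of the user who launched it, as the quoted passage notes.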