Skip to content
Nuclei Templates

Azure AKS Kubernetes Version Not Latest

ID: azure-aks-kubernetes-version-outdated

Severity: low

Author: princechaddha

Tags: cloud,devops,azure,microsoft,kubernetes,azure-cloud-config

Description

Section titled “Description”

Ensure that your Azure Kubernetes Service (AKS) clusters are using the latest available version of Kubernetes platform in order to receive new or enhanced features and the most recent security fixes. The Kubernetes version upgrade becomes fully available only after it is approved by Microsoft Azure.

YAML Source

Section titled “YAML Source”
id: azure-aks-kubernetes-version-outdated
info:
  name: Azure AKS Kubernetes Version Not Latest
  author: princechaddha
  severity: low
  description: |
    Ensure that your Azure Kubernetes Service (AKS) clusters are using the latest available version of Kubernetes platform in order to receive new or enhanced features and the most recent security fixes. The Kubernetes version upgrade becomes fully available only after it is approved by Microsoft Azure.
  impact: |
    Using an outdated version of Kubernetes can prevent you from obtaining the latest features and security patches, potentially exposing your AKS clusters to vulnerabilities.
  remediation: |
    Upgrade your AKS clusters to the latest available Kubernetes version approved by Microsoft Azure to ensure enhanced features and security.
  reference:
    - https://docs.microsoft.com/en-us/azure/aks/kubernetes-service
  tags: cloud,devops,azure,microsoft,kubernetes,azure-cloud-config


flow: |
  code(1);
  for (let ClusterData of iterate(template.clusterList)) {
    ClusterData = JSON.parse(ClusterData);
    set("name", ClusterData.Name);
    set("resourceGroup", ClusterData.ResourceGroup);
    code(2);
  }


self-contained: true
code:
  - engine:
      - sh
      - bash
    source: |
      az aks list --query '[*].{"Name":name,"ResourceGroup":resourceGroup}'


    extractors:
      - type: json
        name: clusterList
        internal: true
        json:
          - '.[]'


  - engine:
      - sh
      - bash
    source: |
      az aks get-upgrades --name "$name" --resource-group "$resourceGroup" --output json


    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"upgrades": ['


    extractors:
      - type: dsl
        dsl:
          - '"$name in $resourceGroup is not using the latest Kubernetes version"'
# digest: 490a00463044022057e99bbf31dcc5c0b1fd07a0fa880436c97571b57ada180da8f33fa1538315df02201e20f663b4c7c51e93b30e5c1763746d553571fcd66f2c117fa1d61f9927c91d:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "cloud/azure/aks/azure-aks-kubernetes-version-outdated.yaml"

View on Github