Kube State Metrics Exposure

ID: kube-state-metrics

Severity: low

Author: ja1sh

Tags: misconfig,exposure,kube-state-metrics,k8s,kubernetes

Description

An attacker can detect the public instance of a Kube-State-Metrics metrics. The Kubernetes API server exposes data about the count, health, and availability of pods, nodes, and other Kubernetes objects.

YAML Source

id: kube-state-metrics

info:
  name: Kube State Metrics Exposure
  author: ja1sh
  severity: low
  description: |
    An attacker can detect the public instance of a Kube-State-Metrics metrics. The Kubernetes API server exposes data about the count, health, and availability of pods, nodes, and other Kubernetes objects.
  classification:
    cpe: cpe:2.3:a:kubernetes:kube-state-metrics:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: kubernetes
    product: kube-state-metrics
    shodan-query: title:Kube-state-metrics
  tags: misconfig,exposure,kube-state-metrics,k8s,kubernetes

http:
  - method: GET
    path:
      - "{{BaseURL}}/metrics"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - kube-state-metrics
          - go_goroutines
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a0047304502210084939a2539df1b22d66b4a0d10d29febe6d1568f99310c9559955dd2eec0e6e602204f4b967f362cc48eb78338e9e3173091eb4fdd78e7f537a0dfef616ded25acd6:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/misconfiguration/kubernetes/kube-state-metrics.yaml"

View on Github