Test Kennung:	1.3.6.1.4.1.25623.1.0.114010
Kategorie:	Web application abuses
Titel:	Kubernetes Dashboard Public WAN (Internet) / Public LAN Accessible
Zusammenfassung:	The script checks if the Kubernetes Dashboard UI is accessible; from a public WAN (Internet) / public LAN.
Beschreibung:	Summary: The script checks if the Kubernetes Dashboard UI is accessible from a public WAN (Internet) / public LAN. Vulnerability Insight: The installation of Kubernetes Dashboard might be incomplete and therefore unprotected and exposed to the public. Vulnerability Impact: Access to the dashboard gives you top level access to all aspects of administration for the cluster it is assigned to manage. That includes managing applications, containers, starting workloads, adding and modifying applications, and setting key security controls. Solution: It is highly recommended to consider the following: - Regardless of network policy, use MFA for all access. - Apply strict controls to network access, especially for UI and API ports. - Use SSL/TLS for all servers and use valid certificates with proper expiration and enforcement policies. - Investigate VPN (bastion), reverse proxy or direct connect connections to sensitive servers. - Look into product and services such as Lacework in order to discover, detect, prevent, and secure your container services. But most importantly: - Configure your Kubernetes pods to run read-only file systems. - Restrict privilege escalation in Kubernetes. - Build a pod security policy. CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:P/A:P
Copyright	Copyright (C) 2018 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.