Kube-hunter hunts for security weaknesses in Kubernetes clusters

KHV002 - Kubernetes version disclosure

Issue description

The fact that your infrastructure runs Kubernetes, and the specific version in use, is publicly available. An attacker could use this information to target your environment with vulnerabilities known to affect that specific version. This information could have been obtained from the Kubernetes API /version endpoint, or from the Kubelet's /metrics debug endpoint.

Remediation

Disable the kubelet's --enable-debugging-handlers flag.
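
One way to confirm the remediation on a node, as an added example (not kube-hunter's own code): it works out the effective enable-debugging-handlers setting from a kubelet command line and KubeletConfiguration text. It assumes the kubelet default of true and that a command-line flag overrides the config file; the function names and sample inputs are constructed for illustration.

```python
import re
import shlex

# Spellings Go's strconv.ParseBool accepts; kubelet bool flags are parsed this way.
_TRUE = {"1", "t", "T", "true", "TRUE", "True"}
_FALSE = {"0", "f", "F", "false", "FALSE", "False"}


def flag_value(cmdline):
    """Last --enable-debugging-handlers value on a kubelet command line, or None."""
    value = None
    for arg in shlex.split(cmdline):
        name, sep, raw = arg.partition("=")
        if name != "--enable-debugging-handlers":
            continue
        if not sep:
            value = True  # a bare boolean flag means true
        elif raw in _TRUE or raw in _FALSE:
            value = raw in _TRUE
        else:
            raise ValueError(f"invalid boolean for {name}: {raw!r}")
    return value


def config_value(config_text):
    """Top-level enableDebuggingHandlers in KubeletConfiguration YAML, or None.

    Simplified line match: only plain true/false scalars are recognised.
    """
    m = re.search(r"^enableDebuggingHandlers:\s*(true|false)\s*(?:#.*)?$",
                  config_text, re.M | re.I)
    return None if m is None else m.group(1).lower() == "true"


def debugging_handlers_enabled(cmdline, config_text=""):
    """Return (enabled, source); assumes flag beats config file, default true."""
    for source, value in (("flag", flag_value(cmdline)),
                          ("config", config_value(config_text))):
        if value is not None:
            return value, source
    return True, "default"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real node.
    cfg = "kind: KubeletConfiguration\nenableDebuggingHandlers: false  # hardened\n"
    print(debugging_handlers_enabled("kubelet --config=/etc/kubelet.yaml", cfg))
    print(debugging_handlers_enabled("kubelet --enable-debugging-handlers", cfg))
    print(debugging_handlers_enabled("kubelet --v=2"))
```

A result of (True, "default") means the setting was never specified anywhere, which is the case most easily missed when only the command line is reviewed.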