Logo

Kube-hunter hunts for security weaknesses in Kubernetes clusters

View the Project on GitHub aquasecurity/kube-hunter

Lookup Vulnerability
All vulnerabilies

KHV039 - Exposed Exec On Container

Issue description

An attacker could run arbitrary commands on a container via the kubelet’s /exec endpoint. This endpoint is exposed as part of the kubelet’s debug handlers.

Remediation

Disable --enable-debugging-handlers kubelet flag.

References