Kube-hunter hunts for security weaknesses in Kubernetes clusters
View the Project on GitHub aquasecurity/kube-hunter
Lookup Vulnerability
KHV042 - Exposed Attaching To Container
Issue description
An attacker could attach to a running container via a websocket on the kubelet’s /attach endpoint. This endpoint is exposed as part of the kubelet’s debug handlers.
Remediation
Disable --enable-debugging-handlers kubelet flag.