Logo

Kube-hunter hunts for security weaknesses in Kubernetes clusters

View the Project on GitHub aquasecurity/kube-hunter

Lookup Vulnerability
All vulnerabilies

KHV049 - kubectl proxy Exposed

Issue description

An open kubectl proxy was detected. kubectl proxy is a convenient tool to connect from a local machine into an application running in Kubernetes or to the Kubernetes API. This is common practice to browse for example the Kubernetes dashboard. Leaving an open proxy can be exploited by an attacker to gain access into your entire cluster.

Remediation

Expose your applications in a permanent, legitimate way, such as via Ingress.

Close open proxies immediately after use.

References