C-0024 - Vulnerable application
Framework
AllControls, MITRE
Severity
Medium
Description of the issue
Running a public-facing vulnerable application in a cluster can enable initial access to the cluster. A container that runs an application with a remote code execution (RCE) vulnerability may be exploited. If a service account token is mounted into the container (the default behavior in Kubernetes), the attacker will be able to send requests to the API server using that service account's credentials.
Related resources
CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, StatefulSet, services
What does this control test
The control looks up each image from the pod spec in the vulnerability scan database; if at least one high-severity vulnerability is found for an image, it raises an alert.
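The decision logic described above, written out as an added Python example (not Kubescape's own Rego implementation): it walks to the pod spec of each workload kind this control covers, collects the container images, and alerts on any image with a High finding in the scan results. The scan database and the CronJob manifest are constructed sample data, and the vulnerability IDs are placeholders.

```python
# Where each workload kind covered by this control keeps its pod spec.
POD_SPEC_PATH = {
    "Pod": ["spec"],
    "Deployment": ["spec", "template", "spec"],
    "DaemonSet": ["spec", "template", "spec"],
    "ReplicaSet": ["spec", "template", "spec"],
    "StatefulSet": ["spec", "template", "spec"],
    "Job": ["spec", "template", "spec"],
    "CronJob": ["spec", "jobTemplate", "spec", "template", "spec"],
}

def pod_spec(workload: dict) -> dict:
    """Walk down to the pod spec of a parsed workload manifest."""
    node = workload
    for key in POD_SPEC_PATH[workload["kind"]]:
        node = node[key]
    return node

def container_images(workload: dict) -> list[str]:
    """Images of all init containers and containers in the pod spec."""
    spec = pod_spec(workload)
    return [c["image"] for c in spec.get("initContainers", []) + spec.get("containers", [])]

def check_vulnerable_application(workload: dict, scan_db: dict[str, list[dict]]) -> list[dict]:
    """One alert per image that has at least one High vulnerability in the scan results."""
    spec = pod_spec(workload)
    # Kubernetes default: the service account token is mounted unless disabled on the pod
    # (the ServiceAccount object can also disable it; this simplified check does not consult it).
    token_mounted = spec.get("automountServiceAccountToken", True)
    alerts = []
    for image in container_images(workload):
        high = [v["id"] for v in scan_db.get(image, []) if v["severity"] == "High"]
        if high:
            alerts.append({"image": image, "high_vulns": high, "sa_token_mounted": token_mounted})
    return alerts

# Constructed sample scan results; the IDs are placeholders, not real CVE numbers.
SCAN_DB = {
    "registry.example/web:1.2": [{"id": "VULN-EXAMPLE-1", "severity": "High"},
                                 {"id": "VULN-EXAMPLE-2", "severity": "Low"}],
    "registry.example/sidecar:3.0": [{"id": "VULN-EXAMPLE-3", "severity": "Medium"}],
}

# Constructed sample CronJob; note the deeper pod-spec path compared to a Deployment.
CRONJOB = {"kind": "CronJob", "spec": {"jobTemplate": {"spec": {"template": {"spec": {
    "containers": [{"name": "web", "image": "registry.example/web:1.2"},
                   {"name": "sidecar", "image": "registry.example/sidecar:3.0"}]}}}}}}
```

Only the web image is reported, because the sidecar's single finding is Medium; the alert also records whether the service account token would be mounted, which is what turns an RCE in the container into API-server access.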
Remediation
Upgrade your containers to non-vulnerable versions, or use ARMO runtime protection (sign/verify the workload at runtime).
Example
No example