C-0025 - Application exploit (RCE)
Application exploit (RCE)
Framework
AllControls, MITRE
Severity
Critical
Description of the issue
An application that is deployed in the cluster and has a remote code execution vulnerability, or a vulnerability that eventually allows code execution, enables attackers to run code in the cluster. If a service account is mounted to the container (the default behavior in Kubernetes), the attacker will be able to send requests to the API server using this service account's credentials.
Related resources
CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, StatefulSet, services
What does this control test
The control looks up each image from the pod spec in the vulnerability scan database. If there is at least one high-severity vulnerability, an alert is raised.
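The check described above, sketched as an added example (not the control's actual implementation). It locates the pod spec for each related resource kind, looks up every image in a scan database, and records whether the service account token would be mounted. `SCAN_DB`, the image names, the vulnerability ids and the severity labels are constructed assumptions.

```python
# Added illustration; SCAN_DB and the workloads below are constructed sample data.
POD_SPEC_PATH = {
    "Pod": ("spec",),
    "CronJob": ("spec", "jobTemplate", "spec", "template", "spec"),
}
# Deployment, DaemonSet, Job, ReplicaSet and StatefulSet share this path.
TEMPLATE_PATH = ("spec", "template", "spec")
ALERT_SEVERITIES = {"High", "Critical"}  # assumption: Critical also counts as "high"

def pod_spec(workload):
    """Walk from the workload root to its pod spec, depending on kind."""
    node = workload
    for key in POD_SPEC_PATH.get(workload["kind"], TEMPLATE_PATH):
        node = node.get(key, {})
    return node

def images(spec):
    """Images of init containers and regular containers."""
    return [c["image"] for field in ("initContainers", "containers")
            for c in spec.get(field, [])]

def token_mounted(spec):
    # The token is mounted unless the pod spec explicitly sets this to false.
    # ServiceAccount-level automount settings are not modelled here.
    return spec.get("automountServiceAccountToken", True) is not False

def evaluate(workload, scan_db):
    """Return one finding per image with at least one alert-level vulnerability."""
    spec = pod_spec(workload)
    findings = []
    for image in images(spec):
        hits = [v["id"] for v in scan_db.get(image, [])
                if v["severity"] in ALERT_SEVERITIES]
        if hits:
            findings.append({"image": image, "vulnerabilities": hits,
                             "token_mounted": token_mounted(spec)})
    return findings

SCAN_DB = {  # constructed; ids are placeholders, not real identifiers
    "registry.example/web:1.0": [{"id": "VULN-PLACEHOLDER-1", "severity": "High"},
                                 {"id": "VULN-PLACEHOLDER-2", "severity": "Low"}],
    "registry.example/batch:2.3": [{"id": "VULN-PLACEHOLDER-3", "severity": "Medium"}],
}
DEPLOYMENT = {"kind": "Deployment", "spec": {"template": {"spec": {
    "containers": [{"name": "web", "image": "registry.example/web:1.0"}]}}}}
CRONJOB = {"kind": "CronJob", "spec": {"jobTemplate": {"spec": {"template": {"spec": {
    "automountServiceAccountToken": False,
    "initContainers": [{"name": "init", "image": "registry.example/web:1.0"}],
    "containers": [{"name": "batch", "image": "registry.example/batch:2.3"}]}}}}}}

if __name__ == "__main__":
    for w in (DEPLOYMENT, CRONJOB):
        print(w["kind"], evaluate(w, SCAN_DB))
```

A finding with `token_mounted` set to true is the case the description singles out: code execution in that container also yields service account credentials for the API server.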
Remediation
Patch your container with a version that does not have this vulnerability or use ARMO runtime protection (sign the workload).
Example
No example