Api Server hunting: Not creating pod when no permissions to list namespaces #282

iyehuda · 2019-12-03T23:08:54Z

What happened

Started kube-hunter in active mode with RBAC rules enabled for pod creation.
kube-hunter did not report about successful pod creation.

Expected behavior

kube-hunter reports about successful pod creation

iyehuda · 2019-12-03T23:11:43Z

It worked when added ClusterRole for listing namespaces.
The logic behind the hunter is to list namespaces and try to create a pod inside every namespace found.
When there is no access to list namespaces, the hunter will not try to create a pod.
The desired behavior is to create a pod inside the service account namespace when no namespaces discovered.

…quasecurity#282) Resolves: aquasecurity#248 aquasecurity#249 Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>

iyehuda added the bug Something isn't working label Dec 3, 2019

danielsagi changed the title ~~API server access tests are skipped~~ Api Server hunting: Not creating pod when no permissions to list namespaces Nov 28, 2020

danielsagi added this to the v0.4.1 milestone Nov 28, 2020

danielsagi modified the milestones: v0.4.1, v0.4.2 Dec 17, 2020

py-go pushed a commit to py-go/kube-hunter that referenced this issue Aug 29, 2021

feat(trivy): Authenticate Trivy client with token and custom headers (a…

bc06a15

…quasecurity#282) Resolves: aquasecurity#248 aquasecurity#249 Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Api Server hunting: Not creating pod when no permissions to list namespaces #282

Api Server hunting: Not creating pod when no permissions to list namespaces #282

Api Server hunting: Not creating pod when no permissions to list namespaces #282

Api Server hunting: Not creating pod when no permissions to list namespaces #282

Comments

What happened

Expected behavior