
False Positive in KHV036

Open x64-latacora opened this issue 1 year ago • 1 comments

When the cluster returns 403 responses for unauthenticated requests, KHV036 shouldn't be triggered.

https://github.com/aquasecurity/kube-hunter/blob/7479aae9baed4bb137b4f8c80577ba978280ec60/kube_hunter/modules/discovery/kubelet.py#L63

x64-latacora, Jan 09 '24 10:01

kube-hunter is producing an incorrect result for KHV036 even though authentication: anonymous: enabled is set to false in the Kubelet configuration file. Please find the screenshots below for your reference.

[Screenshot from 2024-01-25 18-08-50]
[Screenshot from 2024-01-25 18-06-01]

Expected Result: If authentication: anonymous: enabled is set to false in the Kubelet configuration file, the check should not fail.

Actual Result: The check is failing.

KiranBodipi, Jan 25 '24 14:01
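The behaviour both reports ask for, sketched as an added example (not kube-hunter's code and not posted by either participant): an unauthenticated request counts as anonymous access only when it is actually served, while 401 and 403 count as a rejection. The localhost stub server, the `/pods` probe path and the verdict names are assumptions made for this illustration.

```python
# Added example: NOT kube-hunter code. Stub server and names are constructed.
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def classify_anonymous_access(status):
    """Map the HTTP status of an unauthenticated kubelet request to a verdict."""
    if status == 200:
        return "anonymous-access"   # request was served without credentials
    if status in (401, 403):
        return "rejected"           # authn/authz refused it: no finding
    return "inconclusive"           # anything else proves nothing either way


def make_stub(status):
    """Constructed stand-in for a kubelet that answers every GET with `status`."""
    class Stub(BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(status)
            self.send_header("Content-Length", "0")
            self.end_headers()

        def log_message(self, *args):  # keep the demo quiet
            pass
    return Stub


def probe(status_to_serve, path="/pods"):
    """Start a stub on a free localhost port, send one credential-less GET, classify."""
    server = HTTPServer(("127.0.0.1", 0), make_stub(status_to_serve))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
        conn.request("GET", path)   # no Authorization header, no client cert
        status = conn.getresponse().status
        conn.close()
        return classify_anonymous_access(status)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for code in (200, 401, 403, 404):
        print(code, probe(code))
```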