Terraform Run As User Too Low

Weakness:

267 - Excessive Privileges - Kubernetes

Category: Functionality Abuse

Vulnerable code example

resource "kubernetes_pod" "example" {
  metadata {
    name = "vulnerable-pod"
  }
  spec {
    container {
      name  = "nginx"
      image = "nginx"...

✅ Secure code example

resource "kubernetes_pod" "example" {
  metadata {
    name = "secure-pod"
  }
  spec {
    automount_service_account_token = false    # Prevent access to K8s API by default
    container {
      name  = "nginx"...