419 – Traceability Loss - Kubernetes

Description

The kubernetes configuration does not set a logging property, which prevents log files from being created. These files are useful for identifying and tracking malicious actions or anomalous behavior. Alternatively, log files do not have sufficient level of detail.

Impact

Perform harmful actions without raising an alert.

Recommendation

Enable auditing on the Kubernetes API Server and set the desired audit log path.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

60 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: H
• Attack Requirements: N
• Privileges required: H
• User interaction: N
• Confidentiality (VC): N
• Integrity (VI): L
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: P

Requirements

• 075 - Record exceptional events in logs
• 376 - Register severity level
• 377 - Store logs based on valid regulation
• 378 - Use of log management system

Last updated

2024/02/21