Insecure Bind Address Set
- Query id: b9380fd3-5ffe-4d10-9290-13e18e71eee1
- Query name: Insecure Bind Address Set
- Platform: Kubernetes
- Severity: High
- Category: Networking and Firewall
- CWE: 665
- URL: Github
Description¶
When using kube-apiserver command, the '--insecure-bind-address' flag should not be set
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
apiVersion: v1
kind: Pod
metadata:
name: command-demo
labels:
purpose: demonstrate-command
spec:
containers:
- name: command-demo-container
image: gcr.io/google_containers/kube-apiserver-amd64:v1.6.0
command: ["kube-apiserver", "--insecure-bind-address=127.0.0.1"]
restartPolicy: OnFailure
Positive test num. 2 - yaml file
apiVersion: v1
kind: Pod
metadata:
name: command-demo
labels:
purpose: demonstrate-command
spec:
containers:
- name: command-demo-container
image: gcr.io/google_containers/kube-apiserver-amd64:v1.6.0
command: ["kube-apiserver"]
args: ["--insecure-bind-address=127.0.0.1"]
restartPolicy: OnFailure