[go: up one dir, main page]

Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

KICS Scan Vulnerabilities Found in emissary-crds.yml file #5701

Open
jiteshonce opened this issue Jun 12, 2024 · 0 comments
Open

KICS Scan Vulnerabilities Found in emissary-crds.yml file #5701

jiteshonce opened this issue Jun 12, 2024 · 0 comments

Comments

@jiteshonce
Copy link

I hope this message finds you well. I am writing to bring to your attention some critical vulnerability issues that we have identified in Emissary CRDs. These vulnerabilities pose significant risks to the security and integrity of our systems, and we believe it is imperative to address them promptly.

Through the use of the KICS tool (https://docs.kics.io/latest/getting-started/), we have identified several vulnerabilities within Emissary CRDs, including but not limited to:
,

  • Privilege escalation allowed
  • Containers running as root
  • NET_RAW capabilities not being dropped
  • Seccomp profile not configured
  • No drop capabilities for containers
  • Containers running with low UID
  • Service account token automount not disabled
  • RBAC wildcard in rule
  • Deployment without PodDisruptionBudget

These vulnerabilities expose our systems to potential attacks, data breaches, and other security risks. Therefore, we urge the Emissary community to prioritize addressing these issues and releasing patches or updates to mitigate the risks associated with them.
We understand that ensuring the security of software is a collaborative effort, and we are committed to assisting in any way we can to resolve these vulnerabilities. We would appreciate timely communication from the Emissary community regarding the steps being taken to address these issues and any guidance on best practices for mitigating these vulnerabilities in the interim.
Thank you for your attention to this matter. We are seeking your support and guidance to ensure the continued security and reliability of Emissary CRDs.Best regards,

Here is the report generated after KICS Scan tool run on our directory, and file with path ../../path/one-time-setup/emissary-crds.yaml are the vulnerabilities related to emissary-crds .

results.json

@jiteshonce jiteshonce changed the title KICS Scan Vuklnerabilities Found in emissary-crds.yml file KICS Scan Vulnerabilities Found in emissary-crds.yml file Jun 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant