Detections
Analytics
CNTR-K8-001163 - Kubernetes must limit Secret access on a need-to-know basis.
Warning! Audit Deprecated
This audit has been deprecated and will be removed in a future update.
View Next Audit VersionInformation
Kubernetes secrets may store sensitive information such as passwords, tokens, and keys. Access to these secrets should be limited to a need-to-know basis via Kubernetes RBAC.Solution
For Kubernetes accounts that have read access to Secrets without a documented requirement, modify the corresponding Role or ClusterRole to remove list, watch, and get privileges for Secrets.NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Kubernetes_V2R4_STIG.zip
Item Details
Audit Name: DISA STIG Kubernetes v2r4
References: CAT|II, CCI|CCI-002476, Rule-ID|SV-274884r1107236_rule, STIG-ID|CNTR-K8-001163, Vuln-ID|V-274884
Plugin: Unix
Control ID: 715be613123556c8e490dc75c1d10121e52fbd9040898e48c3c462b6f6c35aae