re-add attack track external-workload-with-cluster-takeover-roles

Signed-off-by: YiscahLevySilas1 <[email protected]>
kubescape · Apr 19, 2024 · 9668605 · 9668605
1 parent d77150c
commit 9668605
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 4 deletions.
diff --git a/attack-tracks/external-workload-with-cluster-takeover-roles.json b/attack-tracks/external-workload-with-cluster-takeover-roles.json
@@ -0,0 +1,20 @@
+{
+    "apiVersion": "regolibrary.kubescape/v1alpha1",
+    "kind": "AttackTrack",
+    "metadata": {
+        "name": "external-workload-with-cluster-takeover-roles"
+    },
+    "spec": {
+        "version": "1.0",
+        "data": {
+            "name": "Initial Access",
+            "description": "An attacker can access the Kubernetes environment.",
+            "subSteps": [
+                {
+                    "name": "Cluster Access",
+                    "description": "An attacker has access to sensitive information and can leverage them by creating pods in the cluster."
+                }
+            ]
+        }
+    }
+}
diff --git a/controls/C-0256-exposuretointernet.json b/controls/C-0256-exposuretointernet.json
@@ -17,6 +17,12 @@
                     "Initial Access"
                 ]
             },
+            {
+                "attackTrack": "external-workload-with-cluster-takeover-roles",
+                "categories": [
+                    "Initial Access"
+                ]
+            },
             {
                 "attackTrack": "external-database-without-authentication",
                 "categories": [

diff --git a/controls/C-0266-exposuretointernet-gateway.json b/controls/C-0266-exposuretointernet-gateway.json
@@ -16,6 +16,12 @@
                 "categories": [
                     "Initial Access"
                 ]
+            },
+            {
+                "attackTrack": "external-workload-with-cluster-takeover-roles",
+                "categories": [
+                    "Initial Access"
+                ]
             }
         ]
     },

diff --git a/controls/C-0267-workloadwithclustertakeoverroles.json b/controls/C-0267-workloadwithclustertakeoverroles.json
@@ -4,7 +4,16 @@
         "controlTypeTags": [
             "security"
         ],
-        "attackTracks": []
+        "attackTracks": [
+            {
+                "attackTrack": "external-workload-with-cluster-takeover-roles",
+                "categories": [
+                    "Cluster Access"
+                ],
+                "displayRelatedResources": true,
+                "clickableResourceKind": "ServiceAccount"
+            }
+        ]
     },
     "description": "Cluster takeover roles include workload creation or update and secret access. They can easily lead to super privileges in the cluster. If an attacker can exploit this workload then the attacker can take over the cluster using the RBAC privileges this workload is assigned to.",
     "remediation": "You should apply least privilege principle. Make sure each service account has only the permissions that are absolutely necessary.",
@@ -16,12 +25,12 @@
     "controlID": "C-0267",
     "baseScore": 6.0,
     "category": {
-        "name" : "Workload"
-   },
+        "name": "Workload"
+    },
     "scanningScope": {
         "matches": [
             "cluster",
             "file"
         ]
     }
-}
+}