Merge pull request #635 from kubescape/newac

feat: Update description of "Initial Access" in workload-unauthentica…
kubescape · Aug 18, 2024 · eb485a4 · eb485a4
2 parents 1876df0 + 5d572ae
commit eb485a4
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 14 deletions.
diff --git a/attack-tracks/workload-unauthenticated-service.json b/attack-tracks/workload-unauthenticated-service.json
@@ -8,18 +8,11 @@
         "version": "1.0",
         "data": {
             "name": "Initial Access",
-            "description": "An attacker can access the Kubernetes environment.",
+            "description": "The service is exposed outside the Kubernetes network.",
             "subSteps": [
                 {
-                    "name": "Execution (Vulnerable Image)",
-                    "description": "An attacker can execute malicious code by exploiting vulnerable images.",
-                    "checksVulnerabilities": true,
-                    "subSteps": [
-                        {
-                            "name": "Data Collection",
-                            "description": "An attacker can gather data."
-                        }
-                    ]
+                    "name": "Execution",
+                    "description": "Database access is missing authentication and it can be accessed by anyone"
                 }
             ]
         }

diff --git a/controls/C-0274-unauthenticatedservice.json b/controls/C-0274-unauthenticatedservice.json
@@ -13,7 +13,7 @@
             {
                 "attackTrack": "workload-unauthenticated-service",
                 "categories": [
-                    "Data Collection"
+                    "Execution"
                 ]
             }
         ]

diff --git a/rules/outdated-k8s-version/raw.rego b/rules/outdated-k8s-version/raw.rego
@@ -18,7 +18,7 @@ deny[msga] {
 
 has_outdated_version(version)  {
 	# the `supported_k8s_versions` is validated in the validations script against "https://api.github.com/repos/kubernetes/kubernetes/releases"
-    supported_k8s_versions := ["v1.30", "v1.29", "v1.28"] 
+    supported_k8s_versions := ["v1.31", "v1.30", "v1.29"] 
 	every v in supported_k8s_versions{
 		not startswith(version, v)
 	}

diff --git a/rules/outdated-k8s-version/test/pass/input/node.json b/rules/outdated-k8s-version/test/pass/input/node.json
@@ -200,8 +200,8 @@
           "bootID": "85cb3c8a-7d8e-4885-9a9c-e8a340332f21",
           "containerRuntimeVersion": "docker://20.10.7",
           "kernelVersion": "5.11.0-43-generic",
-          "kubeProxyVersion": "v1.28.6",
-          "kubeletVersion": "v1.28.6",
+          "kubeProxyVersion": "v1.31.6",
+          "kubeletVersion": "v1.31.6",
           "machineID": "b77ec962e3734760b1e756ffc5e83152",
           "operatingSystem": "linux",
           "osImage": "Ubuntu 20.04.2 LTS",