Kubernetes

Open Kubernetes Dashboard

The Kubernetes Dashboard is reachable over the public internet with anonymous access, so namespaces, pods, and secrets can be listed without authentication.

CWE-306, CWE-200
Cluster probe


Expected Findings

  • Dashboard `--enable-skip-login` is set.
  • `anonymous-auth=true` on the kube-apiserver.
  • `view` ClusterRole is bound to `system:anonymous`.

Signals

Flag: `--enable-skip-login`, `--anonymous-auth=true`
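
An added example, not part of the original finding or of any scanner's code: a minimal audit that checks exported cluster objects for the three expected findings above. It assumes the inputs have the shape `kubectl get ... -o json` returns, uses constructed sample manifests, and goes slightly beyond the page by also treating the `system:unauthenticated` group as an anonymous subject.

```python
ANON_SUBJECTS = {"system:anonymous", "system:unauthenticated"}

def flag_enabled(args, name, default):
    """Value of a boolean flag; a bare --flag means true and the last occurrence wins."""
    value = default
    for arg in args:
        key, sep, val = arg.partition("=")
        if key == "--" + name:
            value = (val.lower() in ("true", "1", "t")) if sep else True
    return value

def container_args(workload):
    """All command/args strings of a Pod, or of a Deployment's pod template."""
    spec = workload["spec"]
    spec = spec.get("template", {}).get("spec", spec)
    return [a for c in spec["containers"] for a in c.get("command", []) + c.get("args", [])]

def anonymous_roles(bindings):
    """ClusterRoles granted to the anonymous user or the unauthenticated group."""
    return sorted({b["roleRef"]["name"] for b in bindings["items"]
                   if any(s.get("name") in ANON_SUBJECTS for s in b.get("subjects") or [])})

def audit(dashboard, apiserver, bindings):
    findings = []
    if flag_enabled(container_args(dashboard), "enable-skip-login", default=False):
        findings.append("dashboard: --enable-skip-login is set")
    # kube-apiserver defaults to anonymous-auth=true, so an absent flag counts as enabled
    if flag_enabled(container_args(apiserver), "anonymous-auth", default=True):
        findings.append("kube-apiserver: anonymous-auth=true")
    if "view" in anonymous_roles(bindings):
        findings.append("ClusterRole view is bound to an anonymous subject")
    return findings

# Constructed sample input (object names are placeholders, not from a real cluster)
SAMPLE_DASHBOARD = {"kind": "Deployment", "spec": {"template": {"spec": {"containers": [
    {"name": "dashboard", "args": ["--auto-generate-certificates", "--enable-skip-login"]}]}}}}
SAMPLE_APISERVER = {"kind": "Pod", "spec": {"containers": [
    {"name": "kube-apiserver", "command": ["kube-apiserver", "--anonymous-auth=true"]}]}}
SAMPLE_BINDINGS = {"items": [{"metadata": {"name": "anon-view"},
    "roleRef": {"kind": "ClusterRole", "name": "view"},
    "subjects": [{"kind": "User", "name": "system:anonymous"}]}]}

if __name__ == "__main__":
    for finding in audit(SAMPLE_DASHBOARD, SAMPLE_APISERVER, SAMPLE_BINDINGS):
        print("FINDING:", finding)
```

An empty result from `audit` means none of the three conditions is present in the supplied objects.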