We are excited to announce a new threat detection, with the ability to identify an exposed Kubernetes Dashboard.

This threat detection will inform you when the Kubernetes dashboard for your cluster is exposed to the internet by a Load Balancer.  Exposing your dashboard to the internet makes the management interface of your cluster vulnerable to attack. This creates an opportunity for adversaries to exploit weaknesses in authentication and access control, compromising the security of your system.

What is the Kubernetes Dashboard?

The Kubernetes Dashboard is a web-based Kubernetes user interface (UI) that is used to manage a Kubernetes system, allowing you to run commands on pods within the dashboard and deploy access keys to your clusters.

The Kubernetes Dashboard has a number of uses, including:

  • Deploying containerized applications to the Kubernetes cluster
  • Troubleshooting your containerized application
  • Managing cluster resources
  • Getting on overview of applications running on the cluster
  • Creating or modifying Kubernetes resources such as DaemonSets or Deployments

The Kubernetes Dashboard also gives you information on the state of Kubernetes resources in your cluster and notifies you or any potential errors.

Indicators of Compromise

Screenshot-2024-04-19-at-1.53.45 PM-1024x380

While the Kubernetes Dashboard gives you extensive capabilities for managing Kubernetes, it can also be a launchpad for attacks if there are misconfigurations or excessive/loose permissions. A Load Balancer can expose your Kubernetes Dashboard to the Internet if not properly configured, ultimately making the management interface of your cluster vulnerable. This can also create an opportunity for attackers to exploit any weaknesses in authentication and access control, such as overly permissive RBAC, which can potentially compromise the security of your system.

Use Upwind’s Exposed Kubernetes Dashboard Detection to identify any exposures of your Kubernetes Dashboard and proactively remediate exposures or open attack paths. For  more information on the Exposed Kubernetes Dashboard detection, please visit the Upwind Documentation Center (login required).