yaml.kubernetes.security.skip-tls-verify-cluster.skip-tls-verify-cluster
semgrepAuthor
418
Download Count*
License
Cluster is disabling TLS certificate verification when communicating with the server. This makes your HTTPS connections insecure. Remove the 'insecure-skip-tls-verify: true' key to secure communication.
Run Locally
Run in CI
Defintion
rules:
- id: skip-tls-verify-cluster
pattern: |
cluster:
...
insecure-skip-tls-verify: true
message: "Cluster is disabling TLS certificate verification when communicating
with the server. This makes your HTTPS connections insecure. Remove the
'insecure-skip-tls-verify: true' key to secure communication."
metadata:
cwe:
- "CWE-319: Cleartext Transmission of Sensitive Information"
references:
- https://kubernetes.io/docs/reference/config-api/client-authentication.v1beta1/#client-authentication-k8s-io-v1beta1-Cluster
category: security
technology:
- kubernetes
owasp:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures
subcategory:
- vuln
likelihood: MEDIUM
impact: MEDIUM
confidence: MEDIUM
license: Commons Clause License Condition v1.0[LGPL-2.1-only]
vulnerability_class:
- Mishandled Sensitive Information
languages:
- yaml
severity: WARNING
Examples
skip-tls-verify-cluster.test.yaml
apiVersion: v1
clusters:
# ruleid: skip-tls-verify-cluster
- cluster:
server: https://192.168.0.100:8443
insecure-skip-tls-verify: true
name: minikube1
# ok: skip-tls-verify-cluster
- cluster:
server: https://192.168.0.101:8443
name: minikube2
contexts:
- context:
cluster: minikube
user: minikube
name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
user:
client-certificate: client.crt
client-key: client.key
Short Link: https://sg.run/okyn