yaml.kubernetes.security.skip-tls-verify-service.skip-tls-verify-service

Service is disabling TLS certificate verification when communicating with the server. This makes your HTTPS connections insecure. Remove the 'insecureSkipTLSVerify: true' key to secure communication.
Definition
rules:
- id: skip-tls-verify-service
  pattern: |
    spec:
      ...
      insecureSkipTLSVerify: true
  message: "Service is disabling TLS certificate verification when communicating
    with the server. This makes your HTTPS connections insecure. Remove the
    'insecureSkipTLSVerify: true' key to secure communication."
  metadata:
    cwe:
    - "CWE-319: Cleartext Transmission of Sensitive Information"
    references:
    - https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#apiservice-v1-apiregistration-k8s-io
    category: security
    technology:
    - kubernetes
    owasp:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures
    subcategory:
    - vuln
    likelihood: MEDIUM
    impact: MEDIUM
    confidence: MEDIUM
    license: Commons Clause License Condition v1.0[LGPL-2.1-only]
  languages:
  - yaml
  severity: WARNING
Examples
skip-tls-verify-service.test.yaml
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
  name: v1beta1.metrics.k8s.io
# ruleid: skip-tls-verify-service
spec:
  service:
    name: metrics-server
    namespace: kube-system
  group: metrics.k8s.io
  version: v1beta1
  insecureSkipTLSVerify: true
  groupPriorityMinimum: 100
  versionPriority: 100
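
The corrected form of the manifest above, as an added example that is not part of the rule's own test file: `insecureSkipTLSVerify` is removed and the APIService `caBundle` field names the CA used to verify the backend's serving certificate. The `caBundle` value is a placeholder, and the `# ok:` annotation follows the Semgrep test-file convention for a case the rule must not flag.

```yaml
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
  name: v1beta1.metrics.k8s.io
# ok: skip-tls-verify-service
spec:
  service:
    name: metrics-server
    namespace: kube-system
  group: metrics.k8s.io
  version: v1beta1
  # insecureSkipTLSVerify is removed, so the API server verifies the
  # certificate presented by the metrics-server service.
  # Placeholder, not a real value: base64-encoded PEM bundle of the CA that
  # signed the metrics-server serving certificate.
  caBundle: REPLACE_WITH_BASE64_PEM_CA_BUNDLE
  groupPriorityMinimum: 100
  versionPriority: 100
```

If `caBundle` is left unset, the API server validates the serving certificate against its system trust roots, so a backend using a private CA needs the bundle supplied here.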
Short Link: https://sg.run/zk10