SUB-3901 - New Attack Path -2: External facing database without authe…

…ntication
kubescape · Jul 22, 2024 · b3ee892 · b3ee892
1 parent e380f61
commit b3ee892
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 1 deletion.
diff --git a/attack-tracks/workload-unauthenticated-service.json b/attack-tracks/workload-unauthenticated-service.json
@@ -0,0 +1,27 @@
+{
+    "apiVersion": "regolibrary.kubescape/v1alpha1",
+    "kind": "AttackTrack",
+    "metadata": {
+        "name": "workload-unauthenticated-service"
+    },
+    "spec": {
+        "version": "1.0",
+        "data": {
+            "name": "Initial Access",
+            "description": "An attacker can access the Kubernetes environment.",
+            "subSteps": [
+                {
+                    "name": "Execution (Vulnerable Image)",
+                    "description": "An attacker can execute malicious code by exploiting vulnerable images.",
+                    "checksVulnerabilities": true,
+                    "subSteps": [
+                        {
+                            "name": "Data Collection",
+                            "description": "An attacker can gather data."
+                        }
+                    ]
+                }
+            ]
+        }
+    }
+}
diff --git a/controls/C-0274-unauthenticatedservice.json b/controls/C-0274-unauthenticatedservice.json
@@ -11,7 +11,7 @@
         ],
         "attackTracks": [
             {
-                "attackTrack": "workload-external-track",
+                "attackTrack": "workload-unauthenticated-service",
                 "categories": [
                     "Data Collection"
                 ]