Port 22 exposed

Property
Language: terraform
Severity: medium
Vulnerability Type: omission

Description

The Dockerfile exposes port 22, which is commonly used for SSH access. This configuration can allow external users to attempt direct SSH connections to the container, increasing the attack surface.

Impact

If exploited, attackers could attempt unauthorized SSH access to the container, leading to potential compromise of the container environment, data exposure, or use of the container as a foothold for further attacks within the infrastructure.

Predictable from Observable State

Property
Language: solidity
Severity: medium
CWE: CWE-341: Predictable from Observable State
Confidence Level: High
Impact Level: Medium
Likelihood Level: Low

Description

Using blockhash with the current or future block numbers (e.g., block.number, block.number + N) in Solidity always returns 0, leading to incorrect or predictable results. This makes it unsuitable for randomness or security-critical decisions.

Impact

Relying on blockhash in this way can break logic that depends on unpredictability, such as lotteries or access controls. Attackers may exploit this to predict outcomes, manipulate contract behavior, or cause contract failures, potentially resulting in financial loss or system abuse.

Prevent binding to privileged ports

Property
Language: terraform
Severity: high
Vulnerability Type: omission

Description

Container configurations are mapping application ports to host ports below 1024, which are reserved for privileged system services and sensitive network traffic. This exposes critical ports to containerized workloads, increasing the risk of unauthorized access.

Impact

If exploited, attackers could intercept or interfere with system-level services by binding to these privileged ports, potentially enabling data interception, service disruption, or privilege escalation within the host environment.

Privileged

Property
Language: terraform
Severity: high
Vulnerability Type: misconfiguration

Description

Containers configured with ‘securityContext.privileged: true’ run with elevated permissions, effectively removing the isolation between the container and the host system. This misconfiguration allows containers to access and modify host resources directly.

Impact

Exploiting privileged containers allows attackers to break out of the container, access or control the underlying host, escalate privileges, and compromise the entire Kubernetes cluster, leading to significant security breaches and potential data loss.

Protecting Pod service account tokens

Property
Language: terraform
Severity: medium
Vulnerability Type: misconfiguration

Description

Pod specifications allow automatic mounting of service account tokens into containers by default, which exposes sensitive credentials unnecessarily if ‘automountServiceAccountToken’ is not explicitly set to false.

Impact

If exploited, attackers with access to the Pod could obtain the service account token, enabling them to interact with the Kubernetes API and potentially escalate privileges, access sensitive resources, or compromise the cluster.

Protection Mechanism Failure

Property
Language: yaml
Severity: low
CWE: CWE-693: Protection Mechanism Failure
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Setting ‘hostIPC: true’ in a Kubernetes Pod configuration allows containers to share the host’s IPC namespace, breaking isolation between containers and the host. This makes it possible for container processes to interact with host processes directly.

Impact

If exploited, attackers or compromised containers could access or interfere with processes running on the host machine, potentially leading to privilege escalation, data leakage, or disruption of critical host services. This undermines container security and increases the risk of wider system compromise.

Protection Mechanism Failure

Property
Language: hcl
Severity: medium
CWE: CWE-693: Protection Mechanism Failure
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

The Azure Key Vault resource is missing purge protection, which means deleted vaults or secrets can be permanently removed immediately. Without this setting enabled, accidental or malicious deletions cannot be recovered.

Impact

If purge protection is not enabled, an attacker or user could permanently delete sensitive keys or secrets, making them unrecoverable. This could lead to data loss, downtime, or loss of critical access, potentially impacting business operations and security.

Public egress should not be allowed via network policies

Property
Language: terraform
Severity: high
Service: network
Provider: Kubernetes
Vulnerability Type: misconfiguration

Description

The network policy allows unrestricted egress traffic to any IP address, including the public internet, instead of limiting access to only necessary destinations. This broad access increases exposure to external networks.

Impact

Unrestricted egress enables compromised pods or malicious insiders to exfiltrate data to the public internet or communicate with untrusted hosts, potentially leading to data breaches, loss of sensitive information, and increased risk of external attacks.

Public ingress should not be allowed via network policies

Property
Language: terraform
Severity: high
Service: network
Provider: Kubernetes
Vulnerability Type: misconfiguration

Description

The network policy configuration allows ingress traffic from any IP address (e.g., 0.0.0.0/0), exposing Kubernetes pods to the public internet without restriction. This bypasses intended network segmentation and access controls.

Impact

Unrestricted public access can enable attackers to scan, access, or exploit exposed services, potentially leading to data breaches, service disruption, or unauthorized resource usage. This increases the attack surface and risk of compromise for workloads within the cluster.

RDB instance should have backup retention longer than 1 day

Property
Language: terraform
Severity: medium
Service: rdb
Provider: Nifcloud
Vulnerability Type: omission

Description

The backup retention period for the Nifcloud RDB instance is set to 1 day or less, which provides an insufficient window for data recovery in case of data loss or corruption.

Impact

With a minimal backup retention period, accidental deletions or data corruption may go undetected until it is too late to recover, leading to permanent data loss and increased risk to business continuity.