Workloads in the default namespace

Property

Language: terraform
Severity: low

Description

Workloads are configured to run in the Kubernetes default namespace instead of a dedicated, isolated namespace. This practice reduces separation between resources and can lead to accidental access or changes across unrelated workloads.

Impact

Using the default namespace increases the risk of privilege escalation, resource conflicts, and accidental exposure of sensitive workloads. Attackers or misconfigured processes may more easily discover, access, or interfere with critical resources, compromising the overall security and stability of the cluster.

XML Injection

Property

Language: python
Severity: high
CWE: CWE-91: XML Injection
OWASP: A03:2021 - Injection
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: High

Description

Building TwiML (Twilio Markup Language) responses from user input or other variable data without proper escaping can let attackers inject arbitrary XML markup, including additional TwiML verbs. This happens when dynamic strings are concatenated directly into the TwiML response instead of being escaped first.

Impact

If exploited, attackers could manipulate the TwiML sent to Twilio, potentially making unauthorized calls, sending messages, or altering call behavior. This can lead to abuse of your Twilio account, data leakage, or disruption of communication services.

You should enable bucket access logging on the CloudTrail S3 bucket.

Property

Language: terraform
Severity: low
Service: cloudtrail
Provider: AWS

Description

The S3 bucket used to store CloudTrail logs does not have access logging enabled, preventing the capture of detailed records about access and operations performed on the bucket. Without access logging, there is no audit trail of who accessed or modified CloudTrail log files.

Impact

If access logging is not enabled, unauthorized or suspicious access to CloudTrail log files may go undetected, hindering forensic investigations and allowing attackers to cover their tracks by deleting or altering critical audit logs without traceability.

‘yum clean all’ missing

Property

Language: terraform
Severity: high
Vulnerability Type: omission

Description

The Dockerfile omits the ‘yum clean all’ command after running ‘yum install’, resulting in cached package data being left in the image. This increases image size and retains unnecessary files that should be removed.

Impact

Leaving package caches in the image can significantly inflate image size, leading to longer build and deployment times, increased storage costs, and a larger attack surface due to leftover files that could contain sensitive metadata or be exploited in later stages.

Zone signing should not use RSA SHA1

Property

Language: terraform
Severity: medium
Service: dns
Provider: Google
Vulnerability Type: misconfiguration

Description

The DNS zone configuration uses the RSA SHA1 algorithm for zone signing, which is considered weak and outdated compared to SHA2-based algorithms like RSA SHA256 or RSA SHA512. This weak cryptographic choice reduces the overall security of DNSSEC protections.

Impact

Using the RSA SHA1 algorithm increases the risk of cryptographic attacks, potentially allowing attackers to forge DNS records or compromise DNS integrity. This can lead to domain spoofing, interception of traffic, or other attacks that undermine trust in DNS responses.

‘zypper clean’ missing

Property

Language: terraform
Severity: high
Vulnerability Type: omission

Description

Dockerfiles that use ‘zypper’ to install packages without running ‘zypper clean’ leave behind unnecessary cache files, increasing the final image size. This results in larger, less efficient container images that retain unwanted package metadata.

Impact

Excessive image size can lead to longer build and deployment times, higher storage costs, and a larger attack surface, as leftover cache files may expose package lists or metadata that could aid attackers in identifying vulnerabilities.