Any document about vulnerabilities without Module ID on SCC?

Hi experts, 

I am trying to understand the item list on the Vulnerabilities page of SCC.

There are a lot of items that have no Module ID on the Vulnerabilities page.
For example,
Category: GKE Security bulletin, Secrets in environment variables, block all ingress.

Are there any documents about these items without Module ID?

Many thanks. 

BR,

Lee

 

1 ACCEPTED SOLUTION

Hi Lee,

For the GKE Security Bulletin vulnerabilities we would normally look for vulnerabilities related to Security Bulletins related to GKE. Some more details on these can be found here:

https://cloud.google.com/kubernetes-engine/security-bulletins

If you have any associated Active Findings then it’s worth checking for any actions which could be required per the associated bulletin.

Secrets in environment variables looks for an affected resource storing credentials or other secret information in its environment variables. This is a security vulnerability because environment variables are stored unencrypted and are accessible to all users who have access to the code. Any associated Findings should list the affected resource in question.


For Block All Ingress, these are items associated with the Policy Controller and the creation of Ingress objects based on the BlockAllIngress policy template.

https://cloud.google.com/kubernetes-engine/enterprise/policy-controller/docs/latest/reference/constr...
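
As an added example (not part of the original reply, and not SCC's own detection logic), the following Python check shows the kind of condition behind a "Secrets in environment variables" finding, applied to a Kubernetes workload manifest before deployment. The name and value patterns and the sample manifest are assumptions constructed for illustration.

```python
import re

# Assumed heuristics for this example; SCC's real detection rules are not given in the thread.
SECRET_NAME = re.compile(r"passw(or)?d|secret|token|api[_-]?key|credential|private[_-]?key", re.I)
SECRET_VALUE = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----|^AIza[0-9A-Za-z_\-]{35}$")

def pod_spec(obj):
    """Return the pod spec of a Pod, a workload with a pod template, or a CronJob."""
    spec = obj.get("spec", {})
    if obj.get("kind") == "Pod":
        return spec
    if obj.get("kind") == "CronJob":
        spec = spec.get("jobTemplate", {}).get("spec", {})
    return spec.get("template", {}).get("spec", {})

def find_plaintext_secrets(obj):
    """List (container, variable, reason) for env vars that carry a literal secret-looking value."""
    findings = []
    spec = pod_spec(obj)
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        for env in c.get("env", []):
            value = env.get("value")
            if not value:  # valueFrom (e.g. secretKeyRef) or empty: no literal in the manifest
                continue
            if SECRET_VALUE.search(value):
                findings.append((c["name"], env["name"], "value matches a credential format"))
            elif SECRET_NAME.search(env["name"]):
                findings.append((c["name"], env["name"], "secret-like name with literal value"))
    return findings

# Constructed sample manifest (already parsed from YAML/JSON), not taken from the thread.
SAMPLE = {
    "kind": "Deployment",
    "metadata": {"name": "orders"},
    "spec": {"template": {"spec": {"containers": [{
        "name": "api",
        "env": [
            {"name": "LOG_LEVEL", "value": "info"},
            {"name": "DB_PASSWORD", "value": "constructed-example-value"},
            {"name": "API_TOKEN", "valueFrom": {"secretKeyRef": {"name": "orders", "key": "token"}}},
            {"name": "SIGNING_MATERIAL", "value": "-----BEGIN PRIVATE KEY-----\nconstructed\n"},
        ],
    }]}}},
}

if __name__ == "__main__":
    for container, var, reason in find_plaintext_secrets(SAMPLE):
        print(f"{SAMPLE['metadata']['name']}/{container}: {var}: {reason}")
```

Variables populated through `valueFrom` are skipped because the manifest then holds only a reference, not the secret value itself.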

Hi Andras,

thank you so much.

Br, Lee