This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
# CVE-2019-11253 | |
# https://github.com/kubernetes/kubernetes/issues/83253 | |
# Shout out: @raesene for poc collab, @iancoldwater + @mauilion for | |
# HONKing inspiration and other guidance. | |
# Description: In Kubernetes 1.13 and below, the default configuration | |
# is that system:anonymous can request a selfsubjectaccessreview | |
# via mechanisms such as "kubectl auth can-i". This request can | |
# include POSTed YAML, and just the act of trying to parse it causes |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Source: System.Management.Automation.dll | |
# This list is used to determin if a ScriptBlock contains potential suspicious content | |
# If a match is found an automatic 4104 with a "warning" level is generated. | |
# https://github.com/PowerShell/PowerShell/blob/master/src/System.Management.Automation/engine/runtime/CompiledScriptBlock.cs | |
- "Add-Type" | |
- "AddSecurityPackage" | |
- "AdjustTokenPrivileges" | |
- "AllocHGlobal" | |
- "BindingFlags" | |
- "Bypass" |
OlderNewer