Summary
An API endpoint reachable without authentication leaks sensitive information:
/api/v1/clusters/kubeconfig/
Details
The route /api/v1/clusters/kubeconfig/{name} is registered in pkg/router/v1/white.go without any authentication or authorization check. Its handler, downloadKubeconfig, reads the cluster name straight from the URL parameter and returns that cluster's kubeconfig to whoever asked:
func downloadKubeconfig(ctx context.Context) {
	// The cluster name is taken from the URL and used as-is; nothing here
	// checks who is calling or whether they may read this cluster.
	clusterName := ctx.Params().GetString("name")
	ctx.Header("Content-Disposition", "attachment")
	ctx.Header("filename", fmt.Sprintf("%s-config", clusterName))
	ctx.Header("Content-Type", "application/download")
	clusterService := service.NewClusterService()
	str, err := clusterService.GetKubeconfig(clusterName)
	if err != nil {
		// The error branch does not return, so execution falls through to
		// WriteString below after the JSON error and 500 status are set.
		_, _ = ctx.JSON(err)
		ctx.StatusCode(http.StatusInternalServerError)
	}
	// The kubeconfig is written to the unauthenticated caller.
	_, _ = ctx.WriteString(str)
}
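To make the missing check concrete, the following is an added example rather than the project's code: it uses the standard net/http router instead of the project's framework, and the cluster store (kubeconfigs), the bearer tokens and the per-cluster grants (clusterGrants) are constructed placeholders. The same handler is mounted twice: directly, as an unrestricted route does, and behind a middleware that first authenticates the caller and then checks that the caller is allowed to read the specific cluster named in the URL.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"strings"
)

const kubeconfigRoute = "/api/v1/clusters/kubeconfig/"

// kubeconfigs is a constructed stand-in for the cluster service; the values
// are placeholder strings, not real kubeconfigs.
var kubeconfigs = map[string]string{
	"prod":    "apiVersion: v1\nkind: Config\n# constructed placeholder for cluster prod\n",
	"staging": "apiVersion: v1\nkind: Config\n# constructed placeholder for cluster staging\n",
}

// clusterGrants maps a bearer token to the clusters its owner may read.
// Hypothetical authorization data for this example only.
var clusterGrants = map[string]map[string]bool{
	"tok-alice": {"prod": true},
	"tok-bob":   {"staging": true},
}

// clusterName extracts the {name} segment that follows the route prefix.
func clusterName(r *http.Request) string {
	return strings.TrimPrefix(r.URL.Path, kubeconfigRoute)
}

// downloadKubeconfig has the same shape as the advisory's handler: it trusts
// the cluster name from the URL and streams the kubeconfig back. It does no
// access control of its own, so it is only as safe as whatever wraps it.
func downloadKubeconfig(w http.ResponseWriter, r *http.Request) {
	name := clusterName(r)
	cfg, ok := kubeconfigs[name]
	if !ok {
		http.Error(w, "cluster not found", http.StatusNotFound)
		return
	}
	w.Header().Set("Content-Disposition", fmt.Sprintf(`attachment; filename="%s-config"`, name))
	w.Header().Set("Content-Type", "application/octet-stream")
	_, _ = w.Write([]byte(cfg))
}

// requireClusterAccess is the check the unrestricted route lacks: reject
// callers without a recognised token with 401, then reject callers who are
// authenticated but not granted this particular cluster with 403. Only then
// does the wrapped handler run.
func requireClusterAccess(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		token := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
		grants, authenticated := clusterGrants[token]
		if !authenticated {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		if !grants[clusterName(r)] {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next(w, r)
	}
}

// NewVulnerableRouter mounts the handler directly: anyone who can reach the
// API can download any cluster's kubeconfig just by naming it.
func NewVulnerableRouter() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc(kubeconfigRoute, downloadKubeconfig)
	return mux
}

// NewHardenedRouter mounts the identical handler behind the access check.
func NewHardenedRouter() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc(kubeconfigRoute, requireClusterAccess(downloadKubeconfig))
	return mux
}

func main() {
	log.Println("serving hardened kubeconfig route on :8080")
	log.Fatal(http.ListenAndServe(":8080", NewHardenedRouter()))
}
```

With the hardened router running, a plain `curl http://localhost:8080/api/v1/clusters/kubeconfig/prod` returns 401, the same request with `-H 'Authorization: Bearer tok-bob'` returns 403 because bob is only granted staging, and `tok-alice` receives the prod placeholder. The point of the split is that the handler body is unchanged between the two routers; the vulnerability lives entirely in how the route is registered.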
Impact
An unauthenticated attacker who knows or can guess a cluster name can download that cluster's kubeconfig. Because a kubeconfig normally carries credentials for the cluster's API server, this can lead to a full takeover of the cluster under certain conditions, for example when the embedded credentials are privileged and the API server is reachable from the attacker's position.