Aqua Vulnerability Database

    Kubernetes >

    General

    Allow Role Clusterrolebindings Associate Privileged Cluster Role
    Cluster Admin0 Role Only Used Where Required
    Configmap_with_secrets
    Configmap_with_sensitive
    Containers Not Run As Root
    Default Namespace Should Not Be Used
    Deny Create Update Malicious Pod
    Disable Anonymous Requests Kubelet Server.
    Disable Timeouts Streaming Connections.
    Do Not Allow Role Binding Associate Privileged Role
    Drop Caps Add Bind Svc
    Drop Default Capabilities
    Drop Unused Capabilities
    Eks Iam Configmap
    Ensure Admin Config File Permissions Set 600 Or More Restrictive
    Ensure Admin Config Ownership Set Root:root.
    Ensure Admission Control Plugin Always Admit Is Not Set
    Ensure Admission Control Plugin Always Pull Images Is Set
    Ensure Admission Control Plugin Event Rate Limit Is Set
    Ensure Admission Control Plugin Namespace Lifecycle Is Set
    Ensure Admission Control Plugin Node Restriction Is Set
    Ensure Admission Control Plugin Security Context Deny Is Set If Pod Security Policy Is Not Used
    Ensure Admission Control Plugin Service Account Is Set
    Ensure Anonymous Auth Argument Is False
    Ensure Api Server Pod Specification File Permissions Set 600 Or More Restrictive
    Ensure Api Server Pod Specification Ownership Set Root:root.
    Ensure Audit Log Maxage Argument Is Set To 30 Or As Appropriate
    Ensure Audit Log Maxbackup Argument Is Set To 10 Or As Appropriate
    Ensure Audit Log Maxsize Argument Is Set To 100 Or As Appropriate
    Ensure Audit Log Path Argument Is Set
    Ensure Authorization Mode Argument Includes Node
    Ensure Authorization Mode Argument Includes Rbac
    Ensure Authorization Mode Argument Is Not Set To Alwaysallow
    Ensure Authorization Mode Argument Set Alwaysallow
    Ensure Auto Tls Argument Is Not Set To True
    Ensure Cert File And Key File Arguments Are Set As Appropriate
    Ensure Certificate Authorities File Permissions 600 Or More Restrictive.
    Ensure Certificate_authorities Ownership Set Root:root
    Ensure Client Ca Argument Set Appropriate
    Ensure Client Ca File Argument Is Set As Appropriate
    Ensure Client Cert Auth Argument Is Set To True
    Ensure Controller Manager Bind Address Is Loopback
    Ensure Controller Manager Config File Permissions Set 600 Or More Restrictive
    Ensure Controller Manager Config Ownership Set Root:root.
    Ensure Deny Service External Ips Is Not Set
    Ensure Etcd Cafile Argument Is Set As Appropriate
    Ensure Etcd Certfile And Etcd Keyfile Arguments Are Set As Appropriate
    Ensure Etcd Data Directory Ownership Set Etcd:etcd.
    Ensure Etcd Data Directory Permissions Set 700 Or More Restrictive
    Ensure Event Qps Argument Set 0 Or Level For Appropriate Event Capture
    Ensure Hostname Override Argument Not Set
    Ensure Kubeconfig Kubelet Config.yaml Ownership Set Root:root
    Ensure Kubeconfig Kubelet.conf Ownership Set Root:root
    Ensure Kubelet Certificate Authority Argument Is Set
    Ensure Kubelet Client Certificate And Kubelet Client Key Are Set
    Ensure Kubelet Config.yaml Permissions 600 Or More Restrictive.
    Ensure Kubelet Https Argument Is Set To True
    Ensure Kubelet Only Makes Use Strong Cryptographic Ciphers
    Ensure Kubelet Service File Ownership Set Root:root.
    Ensure Kubelet Service File Permissions Set 600 Or More Restrictive
    Ensure Kubelet.conf File Permissions 600 Or More Restrictive.
    Ensure Kubernetes Pki Cert File Permission Set 600.
    Ensure Kubernetes Pki Directory File Ownership Set Root:root.
    Ensure Kubernetes Pki Key File Permission Set 600.
    Ensure Make Iptables Util Chains Argument Set True
    Ensure Peer Auto Tls Argument Is Not Set To True
    Ensure Peer Cert File And Peer Key File Arguments Are Set As Appropriate
    Ensure Peer Client Cert Auth Argument Is Set To True
    Ensure Profiling Argument Is Set To False
    Ensure Protect Kernel Defaults Set True
    Ensure Proxy Kubeconfig Ownership Set Root:root If Exist
    Ensure Proxy Kubeconfig Permissions Set 600 Or More Restrictive If Exist
    Ensure Root Ca File Argument Is Set As Appropriate
    Ensure Rotate Certificates Argument Set False
    Ensure Rotate Kubelet Server Certificate Argument Set True
    Ensure Scheduler Config File Permissions Set 600 Or More Restrictive
    Ensure Scheduler Config Ownership Set Root:root.
    Ensure Secure Port Argument Is Not Set To 0
    Ensure Service Account Key File Argument Is Set As Appropriate
    Ensure Service Account Lookup Argument Is Set To True
    Ensure Service Account Private Key File Argument Is Set As Appropriate
    Ensure Terminated Pod Gc Threshold Argument Is Set As Appropriate
    Ensure That The Encryption Provider Config Argument Is Set As Appropriate
    Ensure That The Rotatekubeletservercertificate Argument Is Set To True
    Ensure Tls Cert File And Tls Private Key File Arguments Are Set As Appropriate
    Ensure Tls Cert File Argument Set Appropriate
    Ensure Tls Key File Argument Set Appropriate
    Ensure Token Auth File Parameter Is Not Set
    Ensure Use Service Account Credentials Argument Is Set To True
    Evaluate K8s Deprecated Removed Apis
    Insecure Ingress Nginx
    Limit Cpu
    Limit Memory
    Limit Range Usage
    No Anonymous User Bind
    No Attaching Shell Pods
    No Auto Mount Service Token
    No Custom Proc Mask
    No Custom Selinux Options
    No Default Security Context
    No Delete Pod Logs
    No Docker Sock Mount
    No Getting Shell Pods
    No Host Network
    No Host Pid
    No Host Port Access
    No Hostaliases
    No Hostprocess Containers
    No Impersonate Privileged Groups
    No K8s With Disallowed Volumes
    No Manage Configmaps
    No Manage Networking Resources
    No Manage Ns Secrets
    No Manage Rbac Resources
    No Manage Secrets
    No Manage Webhook
    No Mounted Hostpath
    No Net Raw
    No Non Default Capabilities
    No Non Ephemeral Volumes
    No Privilege Escalation From Node Proxy
    No Privilege Port Binding
    No Privileged Containers
    No Public Registries
    No Root
    No Seccomp Unconfined
    No Self Privesc
    No Shared Ipc Namespace
    No Sysadmin Capability
    No Sysmodule Capability
    No System Authenticated Group Bind
    No System Masters Group Bind
    No Tiller
    No Unsafe Sysctl
    No Unspecified Cpu Requests
    No Unspecified Memory Requests
    No Untrusted Ecr Domain
    No User Resources In System Namespace
    No Wildcard Resource Clusterrole
    No Wildcard Resource Role
    No Wildcard Verb Resource Role
    No Wildcard Verb Role
    No_svc_with_extip
    Primary Supplementary Gid
    Resource Quota Usage
    Selector Usage In Network Policies
    Use Azure Image Prefix
    Use Default Apparmor Profile
    Use Default Seccomp
    Use Gcr Domain
    Use High Gid
    Use High Uid
    Use Readonly Filesystem
    Use Specific Tags
    Verify Read Only Port Argument Set 0
    View All Secrets