Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Misconfiguration: Use of HTTP Without TLS #366

Open
akondasif opened this issue Nov 1, 2021 · 5 comments
Open

Security Misconfiguration: Use of HTTP Without TLS #366

akondasif opened this issue Nov 1, 2021 · 5 comments
Labels
kind/enhancement New feature or request kind/help wanted Extra attention is needed stale

Comments

@akondasif
Copy link

akondasif commented Nov 1, 2021
edited

No description provided.

@akondasif
Copy link
Author

akondasif commented Nov 2, 2021
edited

We also have noticed an instance of HTTP without TLS/SSL in one of your Kubernetes manifests. The recommended practice is use of secure HTTP for each team's development and production environment. Enabling TLS ensures secure communication between cluster components.. For examples of Kubernetes security anti-patterns we are following our peer-reviewed publication on Kubernetes security best practices (https://arxiv.org/pdf/2006.15275.pdf).

Location:

IngressMonitorController/config/default/manager_auth_proxy_patch.yaml

Line 16 in a180b75

- "--upstream=http://127.0.0.1:8080/"

Please use SSL/TLS to fix this misconfiguration. We would like to hear if you agree to fix this misconfiguration or have fixed the misconfiguration.

@akondasif akondasif changed the title Anti-pattern: Use of default namespace Anti-pattern: Use of default namespace and HTTP Without TLS Nov 2, 2021
@akondasif akondasif changed the title Anti-pattern: Use of default namespace and HTTP Without TLS Security Misconfiguration: Use of HTTP Without TLS May 9, 2022
@karl-johan-grahn karl-johan-grahn added kind/enhancement New feature or request kind/help wanted Extra attention is needed labels Mar 15, 2023
@github-actions
Copy link

This issue is stale because it has been open for 60 days with no activity.

@github-actions github-actions bot added the stale label May 16, 2023
@github-actions
Copy link

This issue was closed because it has been inactive for 30 days since being marked as stale.

@karl-johan-grahn
Copy link
Contributor

Reopening issues that inadvertently were closed as stale

@github-actions github-actions bot removed the stale label Sep 28, 2023
@github-actions GitHub Actions
Copy link

This issue is stale because it has been open for 60 days with no activity.

@github-actions github-actions bot added the stale label Nov 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/enhancement New feature or request kind/help wanted Extra attention is needed stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@karl-johan-grahn @akondasif