Feedback on Detected Misconfigurations

[zyue110026]

Greetings,

We are some security researchers who have built a scanner to detect configurations that can be used to conduct attacks for Kubernetes pods. For your repository, we have found a few misconfigurations in the following locations:

Misconfiguration name: INSECURE_HTTP
Location-1:

CloudFlix/monitor/kubernetes-prometheus/manifests-all.yaml

Line 2243 in e29eaee

"url": "http://prometheus:9090",

Misconfiguration name: INSECURE_HTTP
Location-2:

CloudFlix/monitor/kubernetes-prometheus/manifests-all.yaml

Line 2291 in e29eaee

--request POST http://admin:admin@grafana:3000/api/datasources \

Misconfiguration name: INSECURE_HTTP
Location-3:

CloudFlix/monitor/kubernetes-prometheus/manifests-all.yaml

Line 2305 in e29eaee

--request POST http://admin:admin@grafana:3000/api/dashboards/import \

Misconfiguration name: INSECURE_HTTP
Location-4:

CloudFlix/monitor/kubernetes-prometheus/manifests-all.yaml

Line 2508 in e29eaee

- '-alertmanager.url=http://alertmanager:9093/'

Misconfiguration name: TRUE_HOST_PID
Location-5:

CloudFlix/monitor/kubernetes-prometheus/manifests-all.yaml

Line 2707 in e29eaee

hostPID: true

…
Misconfiguration name: TRUE_HOST_NET
Location-6:

CloudFlix/monitor/kubernetes-prometheus/manifests-all.yaml

Line 2706 in e29eaee

hostNetwork: true

Misconfiguration name: HOSTPATH
Location-7:

CloudFlix/monitor/kubernetes-prometheus/manifests-all.yaml

Lines 2676 to 2677 in e29eaee

	hostPath:
	path: /var

Please give us feedback. Do you think these are valid instances of misconfigurations? Will you fix them?