How to disable the /version endpoint of Rancher leaking information about Kubernetes

nlykkei · July 14, 2021, 9:42am

How to disable the /version endpoint without recompiling Rancher or similar?

I would rather not setup a WAF in front of Rancher, if it could be avoided.

Audit has reported an information leakage, since /version reveals that a Rancher (Kubernetes) deployment is present on the network.

$ curl -XGET -i -s https://manage.syst.eb.example.net/version
HTTP/2 200
date: Wed, 14 Jul 2021 09:31:40 GMT
content-type: application/json
content-length: 264
audit-id: 7f99b827-7cad-4050-a9c6-7c97ad5ea8f5
cache-control: no-cache, private
x-content-type-options: nosniff
x-kubernetes-pf-flowschema-uid: 31f6380d-595a-4f0d-8e3e-cf93ca6cda44
x-kubernetes-pf-prioritylevel-uid: ce80214d-d2df-44e2-a725-1a9950c5bba1
strict-transport-security: max-age=15724800; includeSubDomains
{
  "major": "1",
  "minor": "20",
  "gitVersion": "v1.20.6",
  "gitCommit": "8a62859e515889f07e3e3be6a1080413f17cf2c3",
  "gitTreeState": "clean",
  "buildDate": "2021-04-15T03:19:55Z",
  "goVersion": "go1.15.10",
  "compiler": "gc",
  "platform": "linux/amd64"
}

Topic		Replies	Views
Kubernetes v1.17.13, v1.18.10, v1.19.3 - Addresses Security Announcement Announcements	0	1187	October 16, 2020
Rancher Release v2.5.7 Announcements	1	2757	July 15, 2021
Rancher Release v2.4.17 Announcements	1	1366	August 10, 2021
Rancher Release v2.4.15 Announcements	1	1205	July 15, 2021
Kubernetes v1.16.13, v1.17.9, v1.18.6 - Addresses Security Announcement Announcements	0	1417	July 17, 2020

How to disable the /version endpoint of Rancher leaking information about Kubernetes

Related Topics