Domain name for API request: tcss.tencentcloudapi.com.
This API is used to query the list of risk items identified in the last task and filter them by special field.
A maximum of 20 requests can be initiated per second for this API.
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
Parameter Name | Required | Type | Description |
---|---|---|---|
Action | Yes | String | Common Params. The value used for this API: DescribeRiskList. |
Version | Yes | String | Common Params. The value used for this API: 2020-11-01. |
Region | No | String | Common Params. This parameter is not required. |
ClusterId | No | String | ID of the cluster to be queried. If it is not specified, all risk items will be queried. |
Offset | No | Integer | Offset |
Limit | No | Integer | Maximum number of records per query |
Filters.N | No | Array of ComplianceFilters | Name - String Name. Valid values: RiskLevel (risk level); RiskTarget (check target and risky target); RiskType (risk type); RiskAttribute (risk type of the check item). |
By | No | String | Sorting field |
Order | No | String | Sorting order. Valid values: asc , desc . |
Parameter Name | Type | Description |
---|---|---|
ClusterRiskItems | Array of ClusterRiskItem | Array of risk details |
TotalCount | Integer | Total number of risk items |
RequestId | String | The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem. |
POST / HTTP/1.1
Host: tcss.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeRiskList
<Common request parameters>
{
"ClusterId": "cls-0zmsjvko",
"Limit": "2",
"Offset": "0"
}
{
"Response": {
"RequestId": "ada3da6c-7aa9-48a7-9bdd-c9ae192fef65",
"TotalCount": 18,
"ClusterRiskItems": [
{
"CheckItem": {
"CheckItemId": 1,
"Name": "runc security vulnerability",
"ItemDetail": "runc is a CLI tool for spawning and running containers according to the OCI specification. It contains a security vulnerability, which can be exploited to bind server file systems to containers.",
"RiskLevel": "Serious",
"RiskTarget": "runC",
"RiskType": "CVERisk",
"RiskAttribute": "PrivilegePromotion",
"RiskProperty": "ExistPOC ExistEXP RemoteExploit ServerRestart",
"CVENumber": "CVE-2021-30465",
"DiscoverTime": "2021-05-27 21:15:00",
"Solution": "The vendor has released the update patch to fix the vulnerability, which can be obtained here: https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r",
"CVSS": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"CVSSScore": "8.5",
"RelateLink": "https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r https://github.com/opencontainers/runc/releases http://www.openwall.com/lists/oss-security/2021/05/19/2",
"AffectedType": "Node",
"AffectedVersion": ""
},
"VerifyInfo": "",
"ErrorMessage": "",
"AffectedClusterCount": 1,
"AffectedNodeCount": 2
},
{
"CheckItem": {
"CheckItemId": 2,
"Name": "Apache containerd security vulnerability",
"ItemDetail": "containerd is a container daemon from the Apache Foundation. The process is responsible for controlling the full cycle of containers on the host according to the RunC OCI specification. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim's API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges.",
"RiskLevel": "Middle",
"RiskTarget": "Containerd",
"RiskType": "CVERisk",
"RiskAttribute": "PrivilegePromotion",
"RiskProperty": "ExistPOC ExistEXP ServerRestart",
"CVENumber": "CVE-2020-15257",
"DiscoverTime": "2020-12-01 11:15:00",
"Solution": "The vendor has released the update patch to fix the vulnerability, which can be obtained here: https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad",
"CVSS": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"CVSSScore": "5.2",
"RelateLink": "https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad https://github.com/containerd/containerd/releases/tag/v1.4.3 https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4",
"AffectedType": "Node",
"AffectedVersion": ""
},
"VerifyInfo": "",
"ErrorMessage": "",
"AffectedClusterCount": 1,
"AffectedNodeCount": 2
}
]
}
}
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
Error Code | Description |
---|---|
AuthFailure | A CAM signature/authentication error occurred. |
FailedOperation | The operation failed. |
InternalError | An internal error occurred. |
InvalidParameter | The parameter is incorrect. |
OperationDenied | The operation was denied. |
RequestLimitExceeded | The number of requests exceeds the frequency limit. |
UnauthorizedOperation | The operation is unauthorized. |
Was this page helpful?