Domain name for API request: tcss.intl.tencentcloudapi.com.
This API is used to query the list of risk items identified in the last task and filter them by special field.
A maximum of 20 requests can be initiated per second for this API.
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common Params. The value used for this API: DescribeRiskList. |
| Version | Yes | String | Common Params. The value used for this API: 2020-11-01. |
| Region | No | String | Common Params. This parameter is not required. |
| ClusterId | No | String | ID of the cluster to be queried. If it is not specified, all risk items will be queried. |
| Offset | No | Integer | Offset |
| Limit | No | Integer | Maximum number of records per query |
| Filters.N | No | Array of ComplianceFilters | Name - String Name. Valid values: RiskLevel (risk level); RiskTarget (check target and risky target); RiskType (risk type); RiskAttribute (risk type of the check item). |
| By | No | String | Sorting field |
| Order | No | String | Sorting order. Valid values: asc, desc. |
| Parameter Name | Type | Description |
|---|---|---|
| ClusterRiskItems | Array of ClusterRiskItem | Array of risk details |
| TotalCount | Integer | Total number of risk items |
| RequestId | String | The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem. |
POST / HTTP/1.1
Host: tcss.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeRiskList
<Common request parameters>
{
"ClusterId": "cls-0zmsjvko",
"Limit": "2",
"Offset": "0"
}
{
"Response": {
"RequestId": "ada3da6c-7aa9-48a7-9bdd-c9ae192fef65",
"TotalCount": 18,
"ClusterRiskItems": [
{
"CheckItem": {
"CheckItemId": 2,
"Name": "Apache containerd security vulnerability"
"ItemDetail": "containerd is a container daemon from the American Apache Foundation. This process is responsible for controlling the full cycle of containers on the host machine according to the RunCOCI specification. containerd versions before 1.3.9 and version 1.4.3 have a security vulnerability, which stems from the containerd-shim API being improperly exposed to host network containers. The access control of the shim API socket verifies that the connection process has a valid UID of 0, but imposes no limit on access to abstract Unix domain sockets. This will allow a malicious container running in the same network namespace as the shim, with a valid UID of 0 but reduced privileges in other aspects, leading to the ability to run a new process with elevated privileges."
"RiskLevel": "Middle",
"RiskTarget": "Containerd",
"RiskType": "CVERisk",
"RiskAttribute": "PrivilegePromotion",
"RiskProperty": "ExistPOC ExistEXP ServerRestart",
"CVENumber": "CVE-2020-15257",
"DiscoverTime": "2020-12-01 11:15:00",
"Solution": "The vendor has released an upgrade patch to fix the vulnerability. Patch download link: https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad"
"CVSS": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"CVSSScore": "5.2",
"RelateLink": "https://",
"AffectedType": "Node",
"AffectedVersion": "1.3",
"IgnoredAssetNum": 0,
"IsIgnored": true,
"RiskAssessment": "RiskAssessment"
},
"VerifyInfo": "VerifyInfo",
"ErrorMessage": "ErrorMessage",
"AffectedClusterCount": 1,
"AffectedNodeCount": 2
}
]
}
}
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
| Error Code | Description |
|---|---|
| AuthFailure | A CAM signature/authentication error occurred. |
| FailedOperation | The operation failed. |
| InternalError | An internal error occurred. |
| InvalidParameter | The parameter is incorrect. |
| OperationDenied | The operation was denied. |
| RequestLimitExceeded | The number of requests exceeds the frequency limit. |
| UnauthorizedOperation | The operation is unauthorized. |
피드백