Data at risk
Kubernetes API server publicly accessible
Risk Level
Hazardous (3)
Platform(s)
Compliance Frameworks
- Brazilian General Data Protection (LGPD) ,
- CCPA ,
- GDPR ,
- HITRUST ,
- ISO 27701 ,
- ISO/IEC 27001 ,
- Mitre ATT&CK v12 ,
- NIST 800-171 ,
- NIST 800-53 ,
- UK Cyber Essentials
Description
The API server of {GcpGkeCluster} is publicly accessible from anywhere on the internet. This leaves the Kubernetes API server exposed to unauthorized access, reconnaissance attempts and potentially 0-day attacks.-
Recommended Mitigation
We recommend enabling private access to the Kubernetes API server so that all communication between your nodes and the API server stays within your VPC. You can limit the IP addresses that can access your API server from the internet, or completely disable internet access to the API server.