Data at risk

Kubernetes API server publicly accessible

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks
  • Brazilian General Data Protection (LGPD)
  • CCPA
  • GDPR
  • HITRUST
  • ISO 27701
  • ISO/IEC 27001
  • Mitre ATT&CK v12
  • NIST 800-171
  • NIST 800-53
  • UK Cyber Essentials

Description

The API server of {GcpGkeCluster} is reachable from any address on the internet: the control plane has a public endpoint and no authorized-network restriction limits which source IPs may connect to it. Authentication and RBAC still apply, but anyone can probe the endpoint, enumerate its version and exposed API groups, attempt to use stolen or leaked credentials, and target any unpatched or zero-day vulnerability in the API server directly, rather than first having to gain a foothold inside the VPC.

    Recommended Mitigation

    We recommend enabling a private endpoint for the control plane so that nodes and in-VPC clients reach the API server over its internal IP address and the public endpoint is removed entirely. Where administrators genuinely need to reach the API server from outside the VPC, keep the public endpoint but restrict it with control plane authorized networks (master authorized networks) to the specific CIDR ranges you control; avoid broad ranges such as 0.0.0.0/0, or a pair of /1 blocks that together cover the whole internet. Authorized networks only filter source IPs, so authentication and RBAC must still be kept tight.
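The following check, added here as an example rather than taken from the page or from the vendor's own rule logic, classifies a GKE cluster's control-plane exposure from the JSON that `gcloud container clusters describe CLUSTER --format=json` returns. It reads the `privateClusterConfig` and `masterAuthorizedNetworksConfig` fields of the GKE Cluster resource and reports `private`, `restricted`, or `public`, treating an allow-list whose merged IPv4 blocks span the whole address space as public. The sample cluster documents embedded below are constructed for illustration.

```python
"""Classify how reachable a GKE cluster's API server is from the JSON that
`gcloud container clusters describe CLUSTER --format=json` returns.

Added example for this page, not the vendor's own rule implementation.
Field names follow the GKE v1 Cluster resource; the sample cluster
documents at the bottom are constructed for illustration.
"""
import ipaddress
import json
from typing import Dict, List


def _covers_whole_internet(cidrs: List[str]) -> bool:
    """True if the allowed IPv4 blocks, once merged, span all 2**32
    addresses (e.g. 0.0.0.0/0 alone, or 0.0.0.0/1 plus 128.0.0.0/1)."""
    v4 = [n for n in (ipaddress.ip_network(c, strict=False) for c in cidrs)
          if n.version == 4]
    merged = ipaddress.collapse_addresses(v4)   # dedupe and merge overlaps
    return sum(n.num_addresses for n in merged) >= 2 ** 32


def api_server_exposure(cluster: Dict) -> Dict:
    """Return a verdict for one cluster document.

    private    - no public endpoint exists (enablePrivateEndpoint is true)
    restricted - public endpoint, but limited to listed authorized CIDRs
    public     - public endpoint reachable from any source address
    """
    private_cfg = cluster.get("privateClusterConfig") or {}
    man = cluster.get("masterAuthorizedNetworksConfig") or {}
    cidrs = [b["cidrBlock"] for b in man.get("cidrBlocks", []) if "cidrBlock" in b]

    if private_cfg.get("enablePrivateEndpoint"):
        verdict = "private"
    elif not man.get("enabled"):
        verdict = "public"          # no allow-list at all
    elif _covers_whole_internet(cidrs):
        verdict = "public"          # allow-list present but effectively unbounded
    else:
        verdict = "restricted"

    return {
        "name": cluster.get("name", "?"),
        "verdict": verdict,
        "public_endpoint": private_cfg.get("publicEndpoint"),
        "authorized_cidrs": cidrs,
    }


def public_clusters(clusters: List[Dict]) -> List[str]:
    """Names of clusters whose API server is open to the whole internet."""
    return [r["name"] for r in map(api_server_exposure, clusters)
            if r["verdict"] == "public"]


# Constructed sample output, trimmed to the fields the check uses.
SAMPLE_CLUSTERS = json.loads("""[
  {"name": "prod-open"},
  {"name": "prod-allowlisted",
   "masterAuthorizedNetworksConfig": {"enabled": true,
     "cidrBlocks": [{"displayName": "office", "cidrBlock": "203.0.113.0/24"}]}},
  {"name": "prod-fake-allowlist",
   "masterAuthorizedNetworksConfig": {"enabled": true,
     "cidrBlocks": [{"cidrBlock": "0.0.0.0/1"}, {"cidrBlock": "128.0.0.0/1"}]}},
  {"name": "prod-private",
   "privateClusterConfig": {"enablePrivateNodes": true,
     "enablePrivateEndpoint": true, "privateEndpoint": "10.0.0.2"}}
]""")

if __name__ == "__main__":
    for c in SAMPLE_CLUSTERS:
        print(json.dumps(api_server_exposure(c)))
    print("open to the internet:", public_clusters(SAMPLE_CLUSTERS))
```

Clusters reported as `public` are remediated with `gcloud container clusters update CLUSTER --enable-master-authorized-networks --master-authorized-networks=CIDR[,CIDR...]` to restrict the public endpoint, or, for a private cluster, `gcloud container clusters update CLUSTER --enable-private-endpoint` to remove it; re-run the describe command afterwards and confirm the verdict changes.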