Workload misconfigurations

Kubernetes node’s kubelet anonymous-auth flag is enabled

Platform(s)
  • Non-platform specific

Compliance Frameworks
  • AKS CIS
  • CCPA
  • CPRA
  • EKS CIS
  • GKE CIS
  • iso_27001_2022
  • iso_27002_2022
  • K8s CIS
  • K8s OWASP Top 10
  • NIST 800-171
  • NIST 800-190
  • NIST 800-53
  • PDPA
  • STIG K8s
  • UK Cyber Essentials

Description

The kubelet reads various parameters, including security settings, from a config file. When the anonymous-auth flag is enabled, requests that are not rejected by other configured authentication methods are treated as anonymous requests, and the kubelet server then serves them. Orca has detected that the anonymous-auth flag is enabled on {K8sNode.Vm}.
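
One way to check this setting on a node, as an added example that is not part of the original page or Orca's own detection logic. It assumes the standard block-style YAML `KubeletConfiguration` layout (`authentication.anonymous.enabled`) and that a `--anonymous-auth` command-line flag overrides the file; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether anonymous-auth is explicitly enabled on a kubelet.
# Assumption: the config file is block-style YAML (KubeletConfiguration).

# Print the value of authentication.anonymous.enabled, or nothing if absent.
config_anon_auth() {
    awk '
        /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
        {
            indent = match($0, /[^ ]/) - 1         # leading spaces = nesting depth
            line = $0; sub(/^ +/, "", line); sub(/[ \t]+#.*$/, "", line)
        }
        indent == 0 { in_auth = (line ~ /^authentication:/); in_anon = 0; next }
        in_auth && line ~ /^anonymous:/ { in_anon = 1; anon_indent = indent; next }
        in_anon && indent <= anon_indent { in_anon = 0 }   # left the anonymous block
        in_anon && line ~ /^enabled:/ {
            sub(/^enabled:[ \t]*/, "", line); print tolower(line); exit
        }
    ' "$1"
}

# Usage: kubelet_anon_auth "<kubelet command line>" <config file>
# Prints: enabled | disabled | unset
kubelet_anon_auth() {
    cmdline=$1 config=$2
    # A flag given on the command line overrides the config file value.
    case " $cmdline " in
        *" --anonymous-auth=false "*) echo disabled; return ;;
        *" --anonymous-auth=true "*|*" --anonymous-auth "*) echo enabled; return ;;
    esac
    value=""
    [ -r "$config" ] && value=$(config_anon_auth "$config")
    case "$value" in
        true)  echo enabled ;;
        false) echo disabled ;;
        *)     echo unset ;;      # not stated explicitly; set it to false
    esac
}

# Constructed sample config (not taken from a real node).
sample_weak_config() {
    cat <<'EOF'
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
authentication:
  anonymous:
    enabled: true   # the setting this finding flags
  webhook:
    enabled: true
EOF
}
```

A result of `unset` means the value is not stated in either place; setting `authentication.anonymous.enabled: false` explicitly in the config file removes the ambiguity.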