Vendor services misconfigurations

GKE Nodepool with legacy Compute Engine instance metadata APIs

Platform(s)
Compliance Frameworks

Description

The legacy GCE metadata endpoint allows simple HTTP requests to be made returning sensitive information. Under some circumstances, these can be used from within a pod to extract the node's credentials. It was detected that {GcpGkeCluster.NodePools} is using Compute Instances with legacy metadata endpoint.
Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.