Vendor services misconfigurations

GKE Nodepool with legacy Compute Engine instance metadata APIs


The legacy GCE metadata endpoint allows simple HTTP requests to be made returning sensitive information. Under some circumstances, these can be used from within a pod to extract the node's credentials. It was detected that {GcpGkeCluster.NodePools} is using Compute Instances with legacy metadata endpoint.