Vendor services misconfigurations

GKE Nodepool with legacy Compute Engine instance metadata APIs

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

The legacy GCE metadata endpoint allows simple HTTP requests to be made returning sensitive information. Under some circumstances, these can be used from within a pod to extract the node's credentials. It was detected that {GcpGkeCluster.NodePools} is using Compute Instances with legacy metadata endpoint.