Workload misconfigurations

Kubernetes node’s kubelet read-only-port is enabled

Platform(s)

  • Non-platform specific

Compliance Frameworks

AKS CIS, CCPA, CPRA, EKS CIS, GKE CIS, iso_27001_2022, iso_27002_2022, K8s CIS, K8s OWASP Top 10, NIST 800-171, NIST 800-190, NIST 800-53, PDPA, UK Cyber Essentials

Description

The kubelet reads various parameters, including security settings, from a config file. The Kubelet process provides a read-only API in addition to the main Kubelet API. Unauthenticated access is provided to this read-only API which could possibly retrieve potentially sensitive information about the cluster. Orca has detected that the readOnlyPort is not turned off (has a value different than 0) on {K8sNode.Vm}.
Need help?

Get a free Security Risk Assessment. Start today

A screenshot of the Orca platform dashboard summarizing all of your cloud security risks

Personalized Demo

See Orca Security in Action

Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.

Get a Demo