Improper Access Control
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The Google Kubernetes Engine (GKE) cluster configuration is missing VPC Flow Logs and intranode visibility. Without these settings, network traffic within and between nodes is not captured for monitoring or auditing.
Impact#
If exploited, this lack of visibility can let attackers move laterally or access sensitive data within the cluster without detection. It makes it harder to investigate incidents, detect suspicious activity, and comply with security policies.