Improper Access Control
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The Kubernetes cluster is being created on GCP without enabling the private cluster feature. This means nodes can be accessed from public networks instead of being restricted to private connectivity.
Impact#
Without a private cluster, malicious actors could potentially reach your cluster nodes directly over the internet, increasing the risk of unauthorized access, data breaches, or compromise of workloads running in the cluster.