Improper Access Control
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Kubernetes Engine cluster is not configured with PodSecurityPolicy enabled, meaning there are no enforced restrictions on what pods can do or what resources they can access. This leaves the cluster open to running potentially risky or untrusted workloads without proper security controls.
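The misconfiguration described above, shown as a flagged cluster definition beside a corrected one. This is an added example, not taken from the rule's own documentation; it assumes the cluster is managed with Terraform and the google-beta provider, and the resource names, cluster names and location are constructed.

```hcl
# Added example: names and location are constructed placeholders.
# Assumes the google-beta provider, which exposes pod_security_policy_config.

# Flagged: no pod_security_policy_config block, so the PodSecurityPolicy
# admission controller is off and pod specs are accepted without restriction.
resource "google_container_cluster" "unrestricted" {
  provider           = google-beta
  name               = "example-unrestricted"
  location           = "us-central1"
  initial_node_count = 1
}

# Corrected: the PodSecurityPolicy admission controller is enabled, so a pod
# is admitted only when a policy permits its requested settings.
resource "google_container_cluster" "restricted" {
  provider           = google-beta
  name               = "example-restricted"
  location           = "us-central1"
  initial_node_count = 1

  pod_security_policy_config {
    enabled = true
  }
}
```

With the controller enabled, pods are admitted only if a PodSecurityPolicy authorizes them, so define policies and bind them through RBAC before turning it on. PodSecurityPolicy was removed in Kubernetes 1.25, so this setting applies only to clusters running earlier versions.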
Impact
Without PodSecurityPolicy, attackers or unauthorized users could deploy pods that escalate privileges, access sensitive data, or disrupt other workloads in the cluster. This can lead to data breaches, compromise of cluster integrity, or lateral movement within your cloud environment.