GKE Control Plane should not be publicly accessible
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | gke |
| Provider | |
| Vulnerability Type | misconfiguration |
Description
The GKE control plane is configured to be accessible from the public internet, allowing connections from any IP address rather than restricting access to trusted networks. This exposes critical cluster management endpoints to potential unauthorized access.
Impact
If exploited, attackers could gain access to the cluster’s control plane, enabling them to manipulate workloads, exfiltrate data, or disrupt cluster operations. This significantly increases the risk of unauthorized control, data breaches, and service outages.
Resolution
Use private nodes and master authorised networks to prevent exposure of the control plane.
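One way to audit existing clusters for this misconfiguration, as an added example that is not part of the original rule or any scanner's own code. It assumes input shaped like the GKE API Cluster resource (as returned by `gcloud container clusters describe NAME --format=json`); the function names and the sample clusters are constructed for illustration.

```python
import ipaddress

# Constructed sample clusters, shaped like the GKE API Cluster resource.
# Names and CIDR ranges are illustrative, not taken from the page.
SAMPLE_CLUSTERS = [
    {"name": "open-default"},  # authorized networks never configured
    {"name": "open-cidr",
     "masterAuthorizedNetworksConfig": {
         "enabled": True,
         "cidrBlocks": [{"displayName": "all", "cidrBlock": "0.0.0.0/0"}]}},
    {"name": "restricted",
     "masterAuthorizedNetworksConfig": {
         "enabled": True,
         "cidrBlocks": [{"displayName": "office",
                         "cidrBlock": "203.0.113.0/24"}]},
     "privateClusterConfig": {"enablePrivateNodes": True}},
    {"name": "private-endpoint",
     "privateClusterConfig": {"enablePrivateNodes": True,
                              "enablePrivateEndpoint": True}},
]

def control_plane_findings(cluster):
    """Return the reasons a cluster fails the rule (empty list = passes)."""
    findings = []
    private = cluster.get("privateClusterConfig") or {}
    man = cluster.get("masterAuthorizedNetworksConfig") or {}
    if not private.get("enablePrivateNodes"):
        findings.append("private nodes disabled")
    if private.get("enablePrivateEndpoint"):
        return findings  # no public control plane endpoint to restrict
    if not man.get("enabled"):
        findings.append("authorized networks disabled: any IP can reach the endpoint")
        return findings
    for block in man.get("cidrBlocks") or []:
        net = ipaddress.ip_network(block["cidrBlock"], strict=False)
        if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0 matches every address
            findings.append(f"authorized network {net} allows any IP")
    return findings

def audit(clusters):
    """Map each cluster name to its list of findings."""
    return {c["name"]: control_plane_findings(c) for c in clusters}

if __name__ == "__main__":
    for name, found in audit(SAMPLE_CLUSTERS).items():
        print(name, "->", found or "ok")
```
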