| Property | Value |
|---|---|
| Language | terraform |
| Severity | high |
| Service | network |
| Provider | Kubernetes |
| Vulnerability Type | misconfiguration |

Description

The network policy allows unrestricted egress traffic to any IP address, including the public internet, instead of limiting access to only necessary destinations. This broad access increases exposure to external networks.

Impact

Unrestricted egress enables compromised pods or malicious insiders to exfiltrate data to the public internet or communicate with untrusted hosts, potentially leading to data breaches, loss of sensitive information, and increased risk of external attacks.

Resolution

Remove public access except where explicitly required.
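The following Terraform sketch is an added example, not taken from the rule's own documentation: it shows an egress rule of the kind described above next to a scoped replacement. The namespace, pod labels, database subnet, ports, and the location of cluster DNS in `kube-system` are assumptions chosen for illustration.

```hcl
# Flagged form: an ip_block of 0.0.0.0/0 permits egress to every address,
# including the public internet. Shown for contrast; do not apply it.
resource "kubernetes_network_policy" "open_egress" {
  metadata {
    name      = "open-egress"
    namespace = "payments" # assumed namespace
  }
  spec {
    pod_selector {}
    policy_types = ["Egress"]
    egress {
      to {
        ip_block { cidr = "0.0.0.0/0" }
      }
    }
  }
}

# Scoped form: only the destinations the workload needs are listed.
resource "kubernetes_network_policy" "scoped_egress" {
  metadata {
    name      = "scoped-egress"
    namespace = "payments" # assumed namespace
  }
  spec {
    pod_selector {
      match_labels = { app = "api" } # assumed workload label
    }
    policy_types = ["Egress"]
    egress { # DNS lookups, assuming cluster DNS runs in kube-system
      to {
        namespace_selector {
          match_labels = { "kubernetes.io/metadata.name" = "kube-system" }
        }
      }
      ports {
        port     = "53"
        protocol = "UDP"
      }
    }
    egress { # a single internal database subnet (assumed CIDR and port)
      to {
        ip_block { cidr = "10.20.0.0/24" }
      }
      ports {
        port     = "5432"
        protocol = "TCP"
      }
    }
  }
}
```

Once a pod is selected by a policy with the `Egress` type, any destination not listed is denied, so required dependencies such as DNS must be allowed explicitly.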