Public ingress should not be allowed via network policies
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | network |
| Provider | Kubernetes |
| Vulnerability Type | misconfiguration |
Description
The network policy configuration allows ingress traffic from any IP address (e.g., 0.0.0.0/0), exposing Kubernetes pods to the public internet without restriction. This bypasses intended network segmentation and access controls.
Impact
Unrestricted public access can enable attackers to scan, access, or exploit exposed services, potentially leading to data breaches, service disruption, or unauthorized resource usage. This increases the attack surface and risk of compromise for workloads within the cluster.
Resolution
Remove public ingress access from the network policy except where it is explicitly required.
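The following is an added example, not part of the original rule page: a NetworkPolicy that exhibits the flagged pattern (an `ipBlock` of 0.0.0.0/0) followed by a corrected policy that admits only named sources. The namespace `payments`, the labels `app: api` and `app: frontend`, the port 8080 and the private range 10.0.0.0/8 are constructed placeholders for illustration.

```yaml
# Added example (not from the original rule page).
# Assumed values: namespace "payments", pod labels app=api and app=frontend,
# port 8080 and the private CIDR 10.0.0.0/8 are constructed for illustration.

# --- Flagged: ingress permitted from any IPv4 source address ---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow-public
  namespace: payments
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes:
    - Ingress
  ingress:
    - from:
        - ipBlock:
            cidr: 0.0.0.0/0        # matches every IPv4 source, including the public internet
      ports:
        - protocol: TCP
          port: 8080
---
# --- Corrected: only explicitly named sources may reach the pods ---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow-frontend-only
  namespace: payments
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: frontend        # in-namespace pods that legitimately call the API
        - ipBlock:
            cidr: 10.0.0.0/8       # assumed private range; no 0.0.0.0/0 or ::/0 entries
      ports:
        - protocol: TCP
          port: 8080
```

When reviewing policies for this rule, also treat an `ingress` entry with no `from` field and an `ipBlock` of `::/0` as equivalent to 0.0.0.0/0: both admit traffic from every source. Keep in mind that a NetworkPolicy is only enforced when the cluster's CNI plugin supports it, so the corrected policy should be verified against the cluster rather than assumed to take effect.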