# Ensure that the `--profiling` argument is set to false

| Property | |
|---|---|
| Language | |
| Severity | |
## Description

The Kubernetes API server is running with the `--profiling` flag enabled, which exposes profiling endpoints that are not required for normal operation. Leaving profiling enabled unnecessarily increases the server's attack surface.
## Impact
If exploited, attackers could access sensitive performance data or abuse profiling endpoints to gather information about the API server and its resource usage, potentially aiding in further attacks or denial-of-service scenarios.
## Resolution

Edit the API server pod specification file `/etc/kubernetes/manifests/kube-apiserver.yaml` on the control plane node and set the `--profiling` parameter to `false`.
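The check and the fix above, as an added shell example that is not part of the original page or of any scanner's own code. It runs against a constructed manifest embedded inline (the address, image tag and other values are made up); the helper names `profiling_setting`, `check_profiling` and `set_profiling_false` are assumptions, and the code treats a missing flag as enabled because kube-apiserver's built-in default for `--profiling` is true.

```shell
#!/bin/sh
# Constructed sample of a static-pod manifest with profiling left on (not a real node's file).
SAMPLE_MANIFEST='apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - name: kube-apiserver
    image: registry.example.invalid/kube-apiserver:constructed
    command:
    - kube-apiserver
    - --advertise-address=192.0.2.10
    - --profiling=true
    - --secure-port=6443'

# Print the effective value of --profiling for the manifest text given as $1.
# Handles "- --profiling=VALUE" items, quoted or not; takes the last occurrence
# (flag parsers keep the last value). Absent flag => "true" (kube-apiserver default).
profiling_setting() {
    value=$(printf '%s\n' "$1" | tr -d "\"'" \
        | sed -n 's/^[[:space:]]*-[[:space:]]*--profiling=\([a-zA-Z]*\).*$/\1/p' | tail -n 1)
    [ -n "$value" ] || value=true
    printf '%s\n' "$value"
}

# Exit status 0 (pass) only when profiling is explicitly disabled.
check_profiling() {
    [ "$(profiling_setting "$1")" = "false" ]
}

# Print the manifest text rewritten so the API server runs with --profiling=false.
# An existing --profiling item is rewritten in place; if none exists, the flag is
# inserted after the "- kube-apiserver" command item, reusing that line's indentation.
set_profiling_false() {
    if printf '%s\n' "$1" | grep -q -- '--profiling='; then
        printf '%s\n' "$1" | sed 's/--profiling=[a-zA-Z]*/--profiling=false/'
    else
        printf '%s\n' "$1" | awk '{ print }
            /^[[:space:]]*-[[:space:]]*kube-apiserver[[:space:]]*$/ {
                match($0, /^[[:space:]]*/)
                print substr($0, 1, RLENGTH) "- --profiling=false" }'
    fi
}

# Stand-alone demonstration: audit the sample, remediate it, audit again.
printf 'before: --profiling=%s\n' "$(profiling_setting "$SAMPLE_MANIFEST")"
FIXED=$(set_profiling_false "$SAMPLE_MANIFEST")
printf 'after:  --profiling=%s\n' "$(profiling_setting "$FIXED")"
```

On a real control plane node, the audit is `check_profiling "$(cat /etc/kubernetes/manifests/kube-apiserver.yaml)"`; the kubelet restarts the static pod on its own after the manifest is edited.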