Leaving public access open exposes your service to the internet
Severity | Exploitability | Providers | Categories |
---|---|---|---|
MEDIUM | HIGH | AWS | NETWORK |
Description
The access endpoint of an EKS cluster is used to communicate and interact with the cluster (such as when using kubectl).
Leaving the endpoint exposed to the internet can allow an attacker to perform distributed denial of service (DDoS) attacks on the service. In case other vulnerabilities are also present in the service, this would facilitate their exploitation.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
False | True | False | False |
- Denial of service.
- Could enable to exploit vulnerabilities in the cluster.
Remediation guidelines
Disable public access.