Skip to main content

Leaving public access open exposes your service to the internet

Severity	Exploitability	Providers	Categories
HIGH	HIGH	AWS	NETWORK

Description

The API server of an AKS cluster is used to communicate and interact with the cluster (such as when using kubectl).

Leaving the API server exposed to the whole internet can allow an attacker to perform distributed denial of service (DDoS) attacks on the service. In case other vulnerabilities are also present in the service, this would facilitate their exploitation.

Impact

Potential data exposure	Visible in logs	User interaction required	Privileges required
False	True	False	False

Denial of service.
Could enable to exploit vulnerabilities in the cluster.

Remediation guidelines

Restrict access to a limited IP range.

References

Secure access to the API server using authorized IP address ranges in AKS

Was this page helpful?

Description
Impact
Remediation guidelines
References

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

How can I help you ?