GKE metadata is not concealed
Severity | Exploitability | Providers | Categories |
---|---|---|---|
HIGH | LOW | Google Cloud Provider | SECRET |
Description
GKE instance metadata may contain secret information. It should be protected and isolated from the workloads running on the cluster.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
True | False | False | False |
Secret metadata information may leak.
Remediation guidelines
Either:
- Set metadata to SECURE
- Set metadata to GKE_METADATA_SERVER, if workload identity is enabled.
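
One way to check for this condition, as an added example that is not part of the original rule or any scanner's own code: the script audits a cluster description for node pools whose metadata setting is neither of the two accepted values. It assumes the JSON layout of the GKE v1beta1 API (`nodePools[].config.workloadMetadataConfig.nodeMetadata` and `workloadIdentityConfig`); the cluster, project and pool names are constructed sample data.

```python
import json

# Values the remediation guidelines accept for the node metadata setting.
CONCEALED = {"SECURE", "GKE_METADATA_SERVER"}

# Constructed sample, shaped like a GKE v1beta1 cluster description (assumed layout).
SAMPLE_CLUSTER = json.loads("""
{
  "name": "demo-cluster",
  "workloadIdentityConfig": {"workloadPool": "demo-project.svc.id.goog"},
  "nodePools": [
    {"name": "pool-secure",
     "config": {"workloadMetadataConfig": {"nodeMetadata": "SECURE"}}},
    {"name": "pool-wi",
     "config": {"workloadMetadataConfig": {"nodeMetadata": "GKE_METADATA_SERVER"}}},
    {"name": "pool-exposed",
     "config": {"workloadMetadataConfig": {"nodeMetadata": "EXPOSE"}}},
    {"name": "pool-default", "config": {}}
  ]
}
""")


def audit_cluster(cluster):
    """Return (pool name, reason) for every node pool that fails the rule."""
    wi = cluster.get("workloadIdentityConfig") or {}
    workload_identity = bool(wi.get("workloadPool") or wi.get("identityNamespace"))
    findings = []
    for pool in cluster.get("nodePools", []):
        wmc = (pool.get("config") or {}).get("workloadMetadataConfig") or {}
        # A pool with no explicit setting is treated as unconcealed.
        value = wmc.get("nodeMetadata", "UNSPECIFIED")
        if value not in CONCEALED:
            findings.append((pool.get("name"), f"nodeMetadata is {value}"))
        elif value == "GKE_METADATA_SERVER" and not workload_identity:
            # The second remediation option only applies with workload identity.
            findings.append(
                (pool.get("name"), "GKE_METADATA_SERVER without workload identity"))
    return findings


if __name__ == "__main__":
    for name, reason in audit_cluster(SAMPLE_CLUSTER):
        print(f"{name}: {reason}")
```
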