Master authorized networks are not configured
Severity | Exploitability | Providers | Categories |
---|---|---|---|
HIGH | MEDIUM | Google Cloud Provider | NETWORK |
Description
Authorized networks restrict the origins from which the control planes of Google Kubernetes Engine (GKE) clusters can be accessed.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
True | False | False | False |
Control planes can be accessed from anywhere, which exposes them to Distributed Denial-of-Service (DDoS) attacks. There is also a risk of data exposure if a brute-force attack is conducted.
Remediation guidelines
Enable master authorized networks, then configure the IP addresses allowed to access the GKE cluster's control plane.
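One way to check for this finding across a project is shown below. It is an added example, not the scanner's own code. It assumes cluster data in the shape returned by `gcloud container clusters list --format=json`; the sample clusters are constructed, and the `MIN_PREFIX_LEN` threshold for "too broad" is an assumption of this example.

```python
import ipaddress
import json

# Constructed sample in the shape of `gcloud container clusters list --format=json`
# (only the fields this check reads; names and addresses are made up).
SAMPLE_CLUSTERS = json.loads("""
[
  {"name": "open-cluster", "location": "us-central1",
   "masterAuthorizedNetworksConfig": {}},
  {"name": "wide-cluster", "location": "europe-west1",
   "masterAuthorizedNetworksConfig": {"enabled": true, "cidrBlocks": [
     {"displayName": "everyone", "cidrBlock": "0.0.0.0/0"}]}},
  {"name": "locked-cluster", "location": "us-east1",
   "masterAuthorizedNetworksConfig": {"enabled": true, "cidrBlocks": [
     {"displayName": "office", "cidrBlock": "203.0.113.0/24"},
     {"displayName": "bastion", "cidrBlock": "198.51.100.7/32"}]}}
]
""")

MIN_PREFIX_LEN = 8  # assumption: anything broader than a /8 counts as "too broad"


def audit_cluster(cluster, min_prefix_len=MIN_PREFIX_LEN):
    """Return a list of finding strings for one cluster (empty list = compliant)."""
    cfg = cluster.get("masterAuthorizedNetworksConfig") or {}
    # The API omits "enabled" when the feature is off, so default to False.
    if not cfg.get("enabled", False):
        return ["master authorized networks are not enabled"]
    findings = []
    for block in cfg.get("cidrBlocks", []):
        net = ipaddress.ip_network(block["cidrBlock"], strict=False)
        # Enabled but allowing 0.0.0.0/0 (or similar) is effectively unrestricted.
        if net.prefixlen < min_prefix_len:
            findings.append(f"authorized range {net} is too broad")
    return findings


def audit(clusters):
    """Map cluster name -> findings, keeping only clusters that have findings."""
    results = {c["name"]: audit_cluster(c) for c in clusters}
    return {name: found for name, found in results.items() if found}


if __name__ == "__main__":
    for name, found in audit(SAMPLE_CLUSTERS).items():
        for finding in found:
            print(f"{name}: {finding}")
```

A flagged cluster can then be remediated with `gcloud container clusters update CLUSTER_NAME --enable-master-authorized-networks --master-authorized-networks CIDR[,CIDR...]`, adding the cluster's location flag as needed.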