SYM_CONF_0017 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The configuration disables TLS certificate verification when connecting to a Kubernetes cluster, making HTTPS connections vulnerable to impersonation and interception. This exposes sensitive data exchanged between clients and the server.
Impact
Attackers could perform man-in-the-middle attacks to intercept or alter traffic, steal credentials, or inject malicious commands. This compromises the confidentiality and integrity of data and could lead to unauthorized access or control over your Kubernetes environment.