SYM_CONF_0113 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
# Improper Access Control

| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
## Description

The AKS cluster is missing the 'api_server_authorized_ip_ranges' setting, which means the Kubernetes API server accepts connections from any IP address. This exposes the cluster's management interface to the public internet without network restrictions.
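As an added example (not part of this database entry or its scanner), a small checker for this rule that walks the resource list from `terraform show -json` and flags `azurerm_kubernetes_cluster` resources whose API server has no authorized IP ranges, or a range that covers every address. It assumes the Terraform azurerm attribute names shown (the legacy top-level attribute and the newer `api_server_access_profile` block) and treats private clusters as out of scope; the sample resources are constructed.

```python
# Checker for SYM_CONF_0113 over `terraform show -json` resources (type/address/values per entry).
import ipaddress

RESOURCE_TYPE = "azurerm_kubernetes_cluster"


def authorized_ranges(values):
    """Configured authorized IP ranges, or None if the setting is absent.
    Checks the top-level attribute, then the newer api_server_access_profile block."""
    ranges = values.get("api_server_authorized_ip_ranges")
    if ranges is None:
        profile = values.get("api_server_access_profile") or []
        ranges = profile[0].get("authorized_ip_ranges") if profile else None
    return ranges


def check_cluster(resource):
    """Return a finding for one resource, or None if it passes."""
    if resource.get("type") != RESOURCE_TYPE:
        return None
    values = resource.get("values", {})
    addr = resource.get("address", "<unknown>")
    # Assumption: a private cluster has no public API endpoint, so the rule
    # does not apply (Azure also rejects authorized ranges on private clusters).
    if values.get("private_cluster_enabled"):
        return None
    ranges = authorized_ranges(values)
    if not ranges:
        return f"{addr}: api_server_authorized_ip_ranges not set; API server open to any IP"
    for cidr in ranges:
        # A /0 range is technically "set" but authorizes every address.
        if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
            return f"{addr}: range {cidr} authorizes every address"
    return None


def scan(resources):
    """All findings for a list of plan resources, in resource order."""
    return [f for f in map(check_cluster, resources) if f]


# Constructed sample in the shape of plan JSON (not real plan output).
SAMPLE_RESOURCES = [
    {"type": RESOURCE_TYPE, "address": "azurerm_kubernetes_cluster.open", "values": {}},
    {"type": RESOURCE_TYPE, "address": "azurerm_kubernetes_cluster.wide",
     "values": {"api_server_authorized_ip_ranges": ["0.0.0.0/0"]}},
    {"type": RESOURCE_TYPE, "address": "azurerm_kubernetes_cluster.locked",
     "values": {"api_server_access_profile": [{"authorized_ip_ranges": ["203.0.113.0/24"]}]}},
    {"type": RESOURCE_TYPE, "address": "azurerm_kubernetes_cluster.private",
     "values": {"private_cluster_enabled": True}},
    {"type": "azurerm_resource_group", "address": "azurerm_resource_group.rg", "values": {}},
]
```

Running `scan(SAMPLE_RESOURCES)` reports the `open` and `wide` clusters and passes the `locked` and `private` ones.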
## Impact

Without restricting access to trusted IP ranges, attackers can attempt to access or attack the Kubernetes API server from anywhere, increasing the risk of unauthorized access, cluster compromise, and potential data breaches.