SYM_CONF_0146 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The GKE cluster configuration enables basic authentication using a static username and password, which is insecure and should be disabled. This approach exposes the cluster to unauthorized access if credentials are leaked or guessed.
Impact
If exploited, attackers could gain administrative access to your Kubernetes cluster, allowing them to steal data, deploy malicious workloads, or disrupt services. This could lead to data breaches, service outages, and further compromise of your cloud environment.
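
The following is an added example, not part of the original entry or the rule's own implementation: a check for the setting named in the Description, run over cluster JSON. It assumes input shaped like the output of `gcloud container clusters list --format=json`, where basic authentication shows up as `masterAuth.username` / `masterAuth.password`; the sample clusters and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like the JSON list printed by
# `gcloud container clusters list --format=json` (GKE API Cluster resources).
# Cluster names and credential values are made up for this example.
SAMPLE_CLUSTERS = json.loads("""
[
  {"name": "legacy-basic-auth", "location": "us-central1-a",
   "masterAuth": {"username": "admin", "password": "EXAMPLE-ONLY",
                  "clusterCaCertificate": "..."}},
  {"name": "hardened", "location": "europe-west1",
   "masterAuth": {"clusterCaCertificate": "..."}},
  {"name": "empty-strings", "location": "us-east1",
   "masterAuth": {"username": "", "password": ""}},
  {"name": "no-master-auth-block", "location": "us-east1"}
]
""")


def basic_auth_enabled(cluster: dict) -> bool:
    """True when the cluster still carries a static username or password.

    An absent masterAuth block, or empty username/password strings, is
    treated as basic authentication being disabled.
    """
    auth = cluster.get("masterAuth") or {}
    return bool(auth.get("username")) or bool(auth.get("password"))


def audit(clusters: list) -> list:
    """Return one finding per cluster with basic authentication enabled."""
    findings = []
    for c in clusters:
        if basic_auth_enabled(c):
            findings.append({
                "cluster": c.get("name", "<unnamed>"),
                "location": c.get("location", "<unknown>"),
                "rule": "SYM_CONF_0146",
                "cwe": "CWE-284",
                # The password itself is never copied into scanner output.
                "detail": "masterAuth has a static username/password set",
            })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CLUSTERS):
        print(f"{f['rule']} {f['cluster']} ({f['location']}): {f['detail']}")
```

Any cluster this reports should have basic authentication disabled and the exposed password treated as compromised.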