SYM_CONF_0150 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Kubernetes Engine cluster is configured with monitoring disabled. Without monitoring enabled, cluster activity and health metrics are not collected or visible.
Impact
Disabling monitoring makes it harder to detect security incidents, operational issues, or unauthorized changes in your clusters. Attackers or misconfigurations could go unnoticed, increasing the risk of breaches or downtime.