SYM_CONF_0169 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Network Policy is disabled on this Google Kubernetes Engine (GKE) cluster, which means traffic between pods is not restricted. This allows any pod to communicate with any other pod in the cluster, regardless of their intended roles or security boundaries.
Impact
Without network policies, attackers who compromise one pod could move laterally to other pods, potentially accessing sensitive data or critical services. This increases the risk of unauthorized access, data breaches, and escalation of attacks within your Kubernetes environment.
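
One way to audit for this condition, as an added example that is not part of the original page or the Symbiotic rule itself: the script reads cluster descriptions in the shape returned by `gcloud container clusters list --format=json` and reports whether NetworkPolicy enforcement is on. The sample clusters are constructed, and the function names are hypothetical; clusters on GKE Dataplane V2 (`datapathProvider: ADVANCED_DATAPATH`) are scored as enforcing because enforcement is built in there.

```python
import json

# Constructed sample shaped like `gcloud container clusters list --format=json`
# output (GKE API Cluster resource); cluster names and values are made up.
SAMPLE = json.loads("""
[
  {"name": "legacy-open",
   "addonsConfig": {"networkPolicyConfig": {"disabled": true}}},
  {"name": "calico-enforced",
   "networkPolicy": {"provider": "CALICO", "enabled": true},
   "addonsConfig": {"networkPolicyConfig": {}}},
  {"name": "addon-only",
   "networkPolicy": {},
   "addonsConfig": {"networkPolicyConfig": {}}},
  {"name": "dataplane-v2",
   "networkConfig": {"datapathProvider": "ADVANCED_DATAPATH"},
   "addonsConfig": {"networkPolicyConfig": {"disabled": true}}}
]
""")


def network_policy_status(cluster):
    """Return (enforced, reason) for one cluster description (hypothetical helper)."""
    net_cfg = cluster.get("networkConfig") or {}
    # Dataplane V2 enforces NetworkPolicy natively; the Calico-based
    # networkPolicy/add-on settings are not used on those clusters.
    if net_cfg.get("datapathProvider") == "ADVANCED_DATAPATH":
        return True, "Dataplane V2 enforces NetworkPolicy"
    policy = cluster.get("networkPolicy") or {}
    addon = (cluster.get("addonsConfig") or {}).get("networkPolicyConfig") or {}
    # The API omits false booleans, so a missing key is treated as False.
    if not policy.get("enabled", False):
        return False, "networkPolicy.enabled is not true"
    if addon.get("disabled", False):
        return False, "NetworkPolicy add-on is disabled"
    return True, "Calico network policy enabled"


def audit(clusters):
    """Map each cluster name to its (enforced, reason) result."""
    return {c.get("name", "<unnamed>"): network_policy_status(c) for c in clusters}


if __name__ == "__main__":
    for name, (ok, reason) in audit(SAMPLE).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}: {reason}")
```

A passing result only means the cluster can enforce policies; pod traffic stays unrestricted until NetworkPolicy objects that select those pods are applied.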