SYM_CONF_0173 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Integrity monitoring is disabled for Shielded GKE node pools, which means the nodes are not being checked for unauthorized changes or tampering. This weakens the security of the Kubernetes cluster.
Impact
If integrity monitoring is off, attackers could compromise or alter node configurations without detection, potentially leading to unauthorized access, data breaches, or persistence of malicious activity within your GKE cluster.