SYM_CONF_0218 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Key Management Errors
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Kubernetes Engine cluster is configured with logging disabled by setting 'logging_service = "none"'. This prevents collection of cluster activity logs that are important for monitoring and troubleshooting.
Impact
Without logging enabled, security incidents, misconfigurations, or unauthorized actions may go undetected. This lack of visibility can hinder incident response, make audits difficult, and increase the risk of undetected breaches or data loss.