TF 0020 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
EKS cluster should not have open CIDR range for public access
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | eks |
| Provider | AWS |
| Vulnerability Type | misconfiguration |
Description
The EKS cluster configuration allows public access from all IP addresses (0.0.0.0/0), exposing the Kubernetes API server endpoint to the entire internet. In Terraform this is an `aws_eks_cluster` resource whose `vpc_config` block has `endpoint_public_access = true` together with a `public_access_cidrs` list containing `0.0.0.0/0`; note that `public_access_cidrs` defaults to `["0.0.0.0/0"]` when the argument is omitted, so merely leaving it unset while public access is enabled produces the same exposure. The endpoint still requires authentication, but no network-level control prevents any host on the internet from reaching it, probing it, or replaying stolen credentials against it.
Impact
With this exposure, attackers anywhere on the internet can reach the API server and attempt to authenticate, enumerate, or exploit it, and any leaked kubeconfig, IAM credential, or service-account token becomes directly usable from any location. This can lead to data breaches, unauthorized control over workloads, or disruption of services, and significantly increases the risk of full cluster takeover and organizational impact.
Resolution
Do not enable public access to the EKS API endpoint: set `endpoint_public_access = false` and `endpoint_private_access = true` so that clients reach the API server through the VPC (bastion host, VPN, Direct Connect, or peering). If a public endpoint is unavoidable, restrict `public_access_cidrs` to known source ranges instead of `0.0.0.0/0`, and keep the private endpoint enabled so that worker nodes and in-VPC tooling never traverse the internet to reach the control plane.
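The following Terraform is an added example and not code from the Symbiotic-Vulnerability-Database; it places the flagged configuration beside the two accepted fixes. The cluster names, `var.subnet_ids`, `var.cluster_role_arn`, and the `203.0.113.0/24` range standing in for an organisation's egress addresses are all assumed placeholders.

```hcl
# Added example for this wiki entry; not the database's own code.
# Assumed placeholders: cluster names, var.subnet_ids, var.cluster_role_arn,
# and 203.0.113.0/24 standing in for an organisation's known egress range.

variable "subnet_ids" {
  type = list(string)
}

variable "cluster_role_arn" {
  type = string
}

# Flagged configuration: the API server is reachable from every IPv4 address.
# public_access_cidrs defaults to ["0.0.0.0/0"] when omitted, so dropping the
# argument while endpoint_public_access stays true gives the same exposure.
resource "aws_eks_cluster" "open" {
  name     = "demo-eks-open"
  role_arn = var.cluster_role_arn

  vpc_config {
    subnet_ids              = var.subnet_ids
    endpoint_public_access  = true
    endpoint_private_access = false
    public_access_cidrs     = ["0.0.0.0/0"]
  }
}

# Preferred fix: no public endpoint at all. kubectl, CI runners and worker
# nodes reach the API server inside the VPC (bastion, VPN, Direct Connect,
# or peering). public_access_cidrs is intentionally not set here.
resource "aws_eks_cluster" "private_only" {
  name     = "demo-eks-private"
  role_arn = var.cluster_role_arn

  vpc_config {
    subnet_ids              = var.subnet_ids
    endpoint_public_access  = false
    endpoint_private_access = true
  }
}

# Fallback when a public endpoint cannot be avoided: restrict it to known
# source ranges and keep the private endpoint on so in-VPC traffic to the
# control plane never leaves AWS.
resource "aws_eks_cluster" "restricted" {
  name     = "demo-eks-restricted"
  role_arn = var.cluster_role_arn

  vpc_config {
    subnet_ids              = var.subnet_ids
    endpoint_public_access  = true
    endpoint_private_access = true
    public_access_cidrs     = ["203.0.113.0/24"]
  }
}
```

To confirm what a deployed cluster actually exposes, query the control plane rather than trusting the plan: `aws eks describe-cluster --name demo-eks-restricted --query 'cluster.resourcesVpcConfig.[endpointPublicAccess,endpointPrivateAccess,publicAccessCidrs]'`. Any cluster that reports `endpointPublicAccess` as `true` together with `0.0.0.0/0` in `publicAccessCidrs` matches this finding, whether or not the CIDR was written explicitly in the Terraform.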