TF 0029 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
ConfigMap with secrets
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | omission |
Description
Sensitive information such as passwords or secrets is being stored in Kubernetes ConfigMaps, which are not designed for secure storage and do not provide encryption or access restrictions. This practice exposes confidential data in plain text within the cluster.
Impact
An attacker or unauthorized user with access to the cluster can easily retrieve sensitive credentials from ConfigMaps, potentially leading to unauthorized access to databases, services, or external systems, and resulting in data breaches or service compromise.
Resolution
Remove the password or secret from the ConfigMap data values.
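
To find the entries that need removing, the check below scans ConfigMap manifests in the JSON shape printed by `kubectl get configmaps -A -o json` and reports keys that look like credentials. It is an added example, not the database's or the rule's own code. The key-name patterns are assumed heuristics, and the sample manifest is constructed.

```python
import json
import re

# Assumed heuristic (not the database rule's own pattern list): key names that
# usually hold credentials.
SENSITIVE_KEY = re.compile(r"(passw(or)?d|secret|token|api[_-]?key|private[_-]?key)", re.I)
# Assumed heuristic: key=value / key: value credentials embedded in a config blob.
SENSITIVE_LINE = re.compile(
    r"^\s*([\w.-]*(?:password|passwd|secret|token)[\w.-]*)\s*[:=]\s*\S+", re.I | re.M)


def find_configmap_secrets(doc):
    """Return (namespace, name, data key, reason) for each suspicious ConfigMap entry.

    `doc` is a parsed manifest: a single ConfigMap, or the List object that
    `kubectl get configmaps -A -o json` prints.
    """
    items = doc.get("items", []) if doc.get("kind") == "List" else [doc]
    findings = []
    for obj in items:
        if obj.get("kind") != "ConfigMap":
            continue  # Secrets and other kinds are out of scope for this check
        meta = obj.get("metadata", {})
        ns, name = meta.get("namespace", "default"), meta.get("name", "?")
        for key, value in (obj.get("data") or {}).items():
            if SENSITIVE_KEY.search(key):
                findings.append((ns, name, key, "sensitive key name"))
                continue
            m = SENSITIVE_LINE.search(value or "")
            if m:  # report the embedded setting's name, never its value
                findings.append((ns, name, key, f"embedded setting {m.group(1)!r}"))
    return findings


# Constructed sample input; names and values are made up for illustration.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "ConfigMap", "metadata": {"name": "app-config", "namespace": "shop"},
  "data": {"LOG_LEVEL": "info", "DB_PASSWORD": "example-not-real",
           "app.properties": "db.host=db.shop.svc\\ndb.password=example-not-real\\n"}},
 {"kind": "ConfigMap", "metadata": {"name": "ui-config", "namespace": "shop"},
  "data": {"THEME": "dark"}},
 {"kind": "Secret", "metadata": {"name": "db-creds", "namespace": "shop"},
  "data": {"password": "ZXhhbXBsZQ=="}}
]}
""")

if __name__ == "__main__":
    for finding in find_configmap_secrets(SAMPLE):
        print(*finding, sep="\t")
```

The findings name only the ConfigMap and the offending key, so the report itself does not copy the credential into logs or tickets.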