TF 0099 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
GKE Control Plane should not be publicly accessible
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | gke |
| Provider | |
| Vulnerability Type | misconfiguration |
Description
The GKE control plane is configured to be accessible from the public internet, allowing connections from any IP address rather than restricting access to trusted networks. This exposes critical cluster management endpoints to potential unauthorized access.
Impact
If exploited, attackers could gain access to the cluster's control plane, enabling them to manipulate workloads, exfiltrate data, or disrupt cluster operations. This significantly increases the risk of unauthorized control, data breaches, and service outages.
Resolution
Use private nodes and master authorised networks to prevent exposure of the control plane to the public internet.
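
The weak setting beside a corrected one, as an added example that is not part of the original rule page. It assumes the Terraform Google provider's `google_container_cluster` resource; all resource names, network references and CIDR ranges are constructed.

```hcl
# Added example: names, networks and CIDR ranges below are constructed.

# Misconfigured: the authorised-network list admits every IPv4 address,
# so the control plane endpoint accepts connections from anywhere.
resource "google_container_cluster" "exposed" {
  name               = "example-exposed"
  location           = "europe-west1"
  initial_node_count = 1

  master_authorized_networks_config {
    cidr_blocks {
      cidr_block   = "0.0.0.0/0"
      display_name = "anywhere"
    }
  }
}

# Corrected: nodes have no public IPs, and the control plane endpoint
# only accepts connections from one trusted range.
resource "google_container_cluster" "restricted" {
  name               = "example-restricted"
  location           = "europe-west1"
  initial_node_count = 1
  network            = "example-vpc"    # constructed name
  subnetwork         = "example-subnet" # constructed name

  # Private clusters must be VPC-native.
  ip_allocation_policy {}

  private_cluster_config {
    enable_private_nodes    = true
    enable_private_endpoint = false           # public endpoint kept, filtered by the list below
    master_ipv4_cidr_block  = "172.16.0.0/28" # constructed /28 for the control plane
  }

  master_authorized_networks_config {
    cidr_blocks {
      cidr_block   = "203.0.113.0/24" # constructed: stands in for a trusted office or VPN range
      display_name = "trusted-admin-range"
    }
  }
}
```

Setting `enable_private_endpoint = true` instead removes the public endpoint entirely, in which case administration has to originate from inside the VPC or a network connected to it.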