TF 0131 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Ensure that the --secure-port argument is not set to 0

Property Value
Language terraform
Severity low

Description

The Kubernetes API server is configured with the --secure-port argument set to 0, which disables secure (HTTPS) communication for the API server endpoint. This results in the API server only accepting insecure, unencrypted connections.

Impact

Disabling the secure port exposes the API server to interception and tampering of sensitive Kubernetes traffic. Attackers could eavesdrop on or manipulate API requests, potentially gaining unauthorized access to or control over the Kubernetes cluster.

Resolution

Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml on the Control Plane node and either remove the --secure-port parameter or set it to a different (non-zero) desired port.
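The check below is an added example, not part of the original rule page or the project's own code: it reads a kube-apiserver manifest and fails when any uncommented `--secure-port` value is 0. The sample manifests are constructed and abbreviated, and the function names are hypothetical.

```shell
# Constructed sample manifests: the weak setting, a fixed port, and the flag removed.
write_samples() {
    dir=$1
    cat > "$dir/weak.yaml" <<'EOF'
apiVersion: v1
kind: Pod
spec:
  containers:
  - name: kube-apiserver
    command:
    - kube-apiserver
    - --secure-port=0
EOF
    sed 's/--secure-port=0/--secure-port=6443/' "$dir/weak.yaml" > "$dir/fixed.yaml"
    sed '/--secure-port/d' "$dir/weak.yaml" > "$dir/removed.yaml"
}

# Print every value given to --secure-port, one per line.
# Commented-out lines are ignored; quoted list items are accepted.
secure_port_values() {
    sed -e 's/[[:space:]]*#.*$//' "$1" |
        sed -n -e 's/.*--secure-port[= ]\{1,\}"\{0,1\}\([0-9][0-9]*\).*/\1/p'
}

# Return 1 if any occurrence of the flag is 0, otherwise 0.
check_secure_port() {
    values=$(secure_port_values "$1")
    if [ -z "$values" ]; then
        echo "PASS: --secure-port not set in $1"; return 0
    fi
    for v in $values; do
        if [ "$v" -eq 0 ]; then
            echo "FAIL: --secure-port=0 in $1"; return 1
        fi
    done
    echo "PASS: --secure-port=$values in $1"
}

# Demo run over the constructed samples.
tmp=$(mktemp -d)
write_samples "$tmp"
for f in weak fixed removed; do
    check_secure_port "$tmp/$f.yaml" || true
done
rm -rf "$tmp"
```

On a Control Plane node, the same function can be pointed at /etc/kubernetes/manifests/kube-apiserver.yaml.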