TF 0155 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Ensure Container-Optimized OS (cos) is used for Kubernetes Engine Clusters Node image
Property | Value |
---|---|
Language | |
Severity | |
Service | gke |
Provider | |
Description
Kubernetes Engine cluster nodes are not configured to use Container-Optimized OS (COS), which is the recommended image for enhanced security. Using alternative images like Ubuntu increases the attack surface and may lack key security features provided by COS.
Impact
Not using COS can expose cluster nodes to additional vulnerabilities and reduce protection against threats. This increases the risk of node compromise, privilege escalation, or persistence by attackers, potentially leading to broader cluster or data breaches.
Resolution
Use the COS image type.
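
The resolution expressed in Terraform, as an added example that is not part of the original page: a node pool using an Ubuntu image beside one using COS, plus a cluster whose default node pool uses COS. Resource names, location and machine type are constructed placeholders. The example assumes the Google provider's `node_config.image_type` argument with the GKE image type values `UBUNTU_CONTAINERD` and `COS_CONTAINERD`.

```hcl
# Constructed example: names, location and machine type are placeholders.

# Cluster-level node_config applies to the default node pool,
# so the image type is set here as well as on separate pools.
resource "google_container_cluster" "example" {
  name               = "example-cluster"
  location           = "us-central1"
  initial_node_count = 1

  node_config {
    machine_type = "e2-medium"
    image_type   = "COS_CONTAINERD" # Container-Optimized OS
  }
}

# Non-compliant: nodes in this pool boot an Ubuntu image.
resource "google_container_node_pool" "ubuntu_pool" {
  name       = "example-ubuntu-pool"
  location   = "us-central1"
  cluster    = google_container_cluster.example.name
  node_count = 1

  node_config {
    machine_type = "e2-medium"
    image_type   = "UBUNTU_CONTAINERD"
  }
}

# Compliant: the same pool with the node image switched to COS.
resource "google_container_node_pool" "cos_pool" {
  name       = "example-cos-pool"
  location   = "us-central1"
  cluster    = google_container_cluster.example.name
  node_count = 1

  node_config {
    machine_type = "e2-medium"
    image_type   = "COS_CONTAINERD"
  }
}
```

Set `image_type` explicitly on every node pool and on the cluster's own `node_config`, so the image in use is visible in code review rather than left to a default.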