TF 0168 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Kubernetes should have 'Automatic upgrade' enabled
Property | Value |
---|---|
Language | |
Severity | |
Service | gke |
Provider | |
Description
Kubernetes node pools are provisioned without automatic upgrades enabled, causing nodes to remain on outdated versions rather than tracking the cluster master. This can leave nodes unpatched and inconsistent with the cluster control plane.
Impact
Without automatic upgrades, nodes may miss critical security patches and compatibility updates, increasing the risk of vulnerabilities or operational issues. Attackers could exploit outdated nodes, and cluster stability or supportability may be compromised.
Resolution
Enable automatic upgrades
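
The following configuration is an added example, not taken from this wiki page or the SymbioticSec project. It assumes the node pool is managed with the Terraform Google provider, where the `management` block of `google_container_node_pool` carries the setting. It shows a node pool with the setting disabled next to a corrected one. Resource labels, the cluster name, pool names and the location are constructed for illustration.

```hcl
# Constructed example: names, location and node counts are placeholders.
resource "google_container_cluster" "example" {
  name     = "example-cluster"
  location = "us-central1"

  # Node pools are defined separately below so that their
  # management settings are explicit and reviewable.
  remove_default_node_pool = true
  initial_node_count       = 1
}

# Flagged: automatic upgrades are turned off, so these nodes stay on the
# version they were created with until someone upgrades them by hand.
resource "google_container_node_pool" "flagged" {
  name       = "flagged-pool"
  cluster    = google_container_cluster.example.name
  location   = google_container_cluster.example.location
  node_count = 1

  management {
    auto_upgrade = false
  }
}

# Corrected: automatic upgrades are enabled, so the node version
# follows the cluster control plane.
resource "google_container_node_pool" "corrected" {
  name       = "corrected-pool"
  cluster    = google_container_cluster.example.name
  location   = google_container_cluster.example.location
  node_count = 1

  management {
    auto_repair  = true
    auto_upgrade = true
  }
}
```

In review, check every `google_container_node_pool` for a `management` block and reject any that sets `auto_upgrade = false`.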