TF 0185 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Ensure that the --bind-address argument is set to 127.0.0.1

Property Value
Language terraform
Severity low

Description

The Kubernetes controller manager is configured to bind to an address other than 127.0.0.1, exposing its service on non-loopback network interfaces and making it accessible from outside the local host. This increases the risk of unauthorized access to the controller manager process.

Impact

If exploited, attackers could potentially connect to the controller manager from outside the control plane node, allowing them to interfere with cluster operations, access sensitive data, or gain further privileges within the Kubernetes environment.

Resolution

Edit the Controller Manager pod specification file /etc/kubernetes/manifests/kube-controller-manager.yaml on the Control Plane node and ensure the --bind-address parameter is set to 127.0.0.1.
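
One way to audit the manifest named above, as an added example that is not part of the original wiki page or the project's own tooling. A missing flag is reported as a failure because kube-controller-manager binds to 0.0.0.0 when --bind-address is omitted. The function names and sample manifests are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a kube-controller-manager manifest for --bind-address.

# Print the configured --bind-address value; prints nothing if the flag is absent.
# Comment lines are skipped; if the flag is repeated, the last value is reported.
get_bind_address() {
    grep -v '^[[:space:]]*#' "$1" \
        | grep -o -- "--bind-address=[^\"'[:space:]]*" \
        | tail -n 1 | cut -d= -f2
}

# Return 0 only when the flag is explicitly set to 127.0.0.1.
check_bind_address() {
    addr=$(get_bind_address "$1")
    if [ -z "$addr" ]; then
        # kube-controller-manager defaults to 0.0.0.0 when the flag is omitted
        echo "FAIL: --bind-address not set (defaults to 0.0.0.0)"; return 1
    elif [ "$addr" != "127.0.0.1" ]; then
        echo "FAIL: --bind-address=$addr"; return 1
    fi
    echo "PASS: --bind-address=127.0.0.1"
}

# Write a constructed sample manifest; $2 is the flag line to embed (may be empty).
write_sample() {
    cat > "$1" <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: kube-controller-manager
spec:
  containers:
  - name: kube-controller-manager
    command:
    - kube-controller-manager
    # - --bind-address=127.0.0.1
$2
    - --leader-elect=true
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp/exposed.yaml"  "    - --bind-address=0.0.0.0"
write_sample "$tmp/missing.yaml"  ""
write_sample "$tmp/loopback.yaml" "    - --bind-address=127.0.0.1"
for f in exposed missing loopback; do
    printf '%s: ' "$f"; check_bind_address "$tmp/$f.yaml" || true
done
```

On a control plane node, run `check_bind_address /etc/kubernetes/manifests/kube-controller-manager.yaml` after editing the file.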