TF 0301 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Public ingress should not be allowed via network policies
Property | Value |
---|---|
Language | |
Severity | |
Service | network |
Provider | Kubernetes |
Vulnerability Type | misconfiguration |
Description
A NetworkPolicy ingress rule whose `from` peers include an `ipBlock` with `cidr: 0.0.0.0/0` (or `::/0` for IPv6), or an ingress rule with no `from` peers at all, admits traffic from every source. The pods selected by the policy are then reachable from anywhere the cluster network is routable, and if the workload is also published through a NodePort or LoadBalancer Service it is reachable from the public internet without any network-layer restriction. An `except` carve-out or a `ports` restriction on such a rule narrows the exposure but does not remove it. This defeats the segmentation the cluster's other policies were meant to enforce. Note that NetworkPolicy objects are only enforced by a CNI plugin that supports them; on a cluster without such a plugin no policy restricts anything, which is a separate problem from the one described here.
Impact
Unrestricted public access lets attackers scan, reach, and exploit the exposed services directly, potentially leading to data breaches, service disruption, lateral movement into the cluster, or unauthorized resource usage. It increases the attack surface of every workload selected by the policy and of anything those workloads can reach in turn.
Resolution
Remove public access except where explicitly required. Restrict the `from` peers of each ingress rule to the clients that actually need access: a `namespaceSelector` and/or `podSelector` for in-cluster callers, or the narrowest `ipBlock` CIDR for external ones, and limit the rule to the required `ports`. Do not express an allow-list as `0.0.0.0/0` with `except` entries; list the permitted ranges instead. Where a pod genuinely must accept traffic from any source (for example one that terminates internet traffic directly), document the exception and keep that rule scoped to the minimum ports.
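As an added example that is not part of the original page or of the database's own checker, the following Python reproduces the check this entry describes over NetworkPolicy manifests: it flags every ingress rule that admits any source, either through an `ipBlock` of `0.0.0.0/0` or `::/0` (regardless of `except` or `ports`) or through a rule with no `from` peers, and it respects the API's `policyTypes` defaulting so that an egress-only policy's ignored `ingress` field is not reported. The two manifests are constructed for this example (the names `web-allow-public`, `web-allow-ingress-controller`, the `prod` and `ingress-nginx` namespaces and the `10.20.0.0/16` range are assumptions); they are written as Python dicts with the same structure as the YAML a `kubectl get networkpolicy -o json` would return.

```python
"""Flag Kubernetes NetworkPolicy objects whose ingress rules admit any source."""
from typing import Any, Dict, List

# CIDRs that cover the whole address space. A rule sourced from one of these is
# public regardless of any `except` carve-outs or `ports` restriction on the rule.
ANY_CIDRS = {"0.0.0.0/0", "::/0"}


def effective_policy_types(spec: Dict[str, Any]) -> List[str]:
    """Reproduce the API's defaulting: Ingress is always in scope unless
    policyTypes is set explicitly; Egress is in scope only if egress rules exist."""
    if "policyTypes" in spec:
        return list(spec["policyTypes"])
    types = ["Ingress"]
    if "egress" in spec:
        types.append("Egress")
    return types


def public_ingress_findings(policy: Dict[str, Any]) -> List[str]:
    """Return one message per ingress rule that admits traffic from any source."""
    spec = policy.get("spec", {})
    name = policy.get("metadata", {}).get("name", "<unnamed>")
    findings: List[str] = []
    if "Ingress" not in effective_policy_types(spec):
        return findings  # the API ignores the ingress field in this case
    for idx, rule in enumerate(spec.get("ingress") or []):
        peers = rule.get("from")
        if not peers:  # a rule with no `from` matches every source
            findings.append(f"{name}: ingress rule {idx} has no 'from' peers (allows all sources)")
            continue
        for peer in peers:
            cidr = (peer.get("ipBlock") or {}).get("cidr")
            if cidr in ANY_CIDRS:
                findings.append(f"{name}: ingress rule {idx} allows ipBlock {cidr}")
    return findings


# Constructed manifest (assumption, not from the page): the weak policy this
# entry describes. The `except` list and the port restriction do not help.
WEAK_POLICY = {
    "apiVersion": "networking.k8s.io/v1",
    "kind": "NetworkPolicy",
    "metadata": {"name": "web-allow-public", "namespace": "prod"},
    "spec": {
        "podSelector": {"matchLabels": {"app": "web"}},
        "policyTypes": ["Ingress"],
        "ingress": [
            {
                "from": [{"ipBlock": {"cidr": "0.0.0.0/0", "except": ["10.0.0.0/8"]}}],
                "ports": [{"protocol": "TCP", "port": 8080}],
            }
        ],
    },
}

# Constructed manifest (assumption): the corrected policy. Only pods in the
# ingress-controller namespace and one internal range may reach port 8080.
# `kubernetes.io/metadata.name` is the label the API server sets on namespaces.
HARDENED_POLICY = {
    "apiVersion": "networking.k8s.io/v1",
    "kind": "NetworkPolicy",
    "metadata": {"name": "web-allow-ingress-controller", "namespace": "prod"},
    "spec": {
        "podSelector": {"matchLabels": {"app": "web"}},
        "policyTypes": ["Ingress"],
        "ingress": [
            {
                "from": [
                    {"namespaceSelector": {"matchLabels": {"kubernetes.io/metadata.name": "ingress-nginx"}}},
                    {"ipBlock": {"cidr": "10.20.0.0/16"}},
                ],
                "ports": [{"protocol": "TCP", "port": 8080}],
            }
        ],
    },
}


if __name__ == "__main__":
    for policy in (WEAK_POLICY, HARDENED_POLICY):
        name = policy["metadata"]["name"]
        for finding in public_ingress_findings(policy) or [f"{name}: no public ingress"]:
            print(finding)
```

The check deliberately ignores `except` and `ports`: a rule that starts from the whole address space is public even after carving out a few ranges, which is why the resolution above asks for an explicit list of permitted peers instead.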