TF 0359 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Ensure that the --anonymous-auth argument is set to false

| Property | Value |
| --- | --- |
| Language | terraform |
| Severity | medium |

Description

The API server allows anonymous requests because the '--anonymous-auth' flag is not set to 'false'. This means unauthenticated users can interact with the Kubernetes API server.

Impact

Allowing anonymous access can enable attackers to perform unauthorized actions or gather information about the cluster, potentially leading to privilege escalation, data exposure, or disruption of services.

Resolution

Set '--anonymous-auth' to 'false'.
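
One way to express this check over container command lines, as an added example that is not the scanner's or this wiki's own rule code. The helper names and the sample containers are constructed for illustration, and it assumes the API server container is the one whose first command element is `kube-apiserver`.

```python
# Added example: audits container command lines for the --anonymous-auth
# setting. Hypothetical helpers, not the scanner's own rule logic.

FLAG = "--anonymous-auth"
# Strings that Go's strconv.ParseBool accepts as false.
GO_FALSE = {"0", "f", "F", "false", "FALSE", "False"}


def anonymous_auth_disabled(argv):
    """Return True only if the effective --anonymous-auth value is false."""
    disabled = False  # per the page, a flag that is not set to false is a finding
    for arg in argv:
        if arg == FLAG:
            # A bare boolean flag means true; a separate "false" token that
            # follows is not consumed as its value.
            disabled = False
        elif arg.startswith(FLAG + "="):
            # A later occurrence overrides an earlier one.
            disabled = arg.split("=", 1)[1] in GO_FALSE
    return disabled


def findings(containers):
    """Names of kube-apiserver containers that still allow anonymous requests."""
    flagged = []
    for c in containers:
        argv = list(c.get("command", [])) + list(c.get("args", []))
        # Assumption: the binary name is the first element of the command.
        if not argv or argv[0].rsplit("/", 1)[-1] != "kube-apiserver":
            continue
        if not anonymous_auth_disabled(argv[1:]):
            flagged.append(c["name"])
    return flagged


# Constructed sample input, shaped like the container blocks of a pod spec.
SAMPLE = [
    {"name": "ok", "command": ["kube-apiserver", "--anonymous-auth=false"]},
    {"name": "unset", "command": ["kube-apiserver", "--authorization-mode=Node,RBAC"]},
    {"name": "explicit-true", "command": ["/usr/local/bin/kube-apiserver"],
     "args": ["--anonymous-auth=true"]},
    {"name": "space-separated", "command": ["kube-apiserver", "--anonymous-auth", "false"]},
    {"name": "overridden", "command": ["kube-apiserver", "--anonymous-auth=false",
                                       "--anonymous-auth=true"]},
    {"name": "etcd", "command": ["etcd", "--client-cert-auth=true"]},
]

if __name__ == "__main__":
    for name in findings(SAMPLE):
        print(f"{name}: {FLAG} is not set to false")
```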