TF 0504 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Kubernetes clusters should be auto-upgraded to ensure that they always contain the latest security patches.
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | compute |
| Provider | DigitalOcean |
| Vulnerability Type | omission |
Description
The Kubernetes cluster is not configured with automatic upgrades enabled, meaning it will not automatically receive the latest security patches and updates. This leaves the cluster running potentially outdated and vulnerable software versions.
Impact
Without auto-upgrades, known security vulnerabilities in the Kubernetes cluster software may remain unpatched, increasing the risk of exploitation by attackers. This can lead to unauthorized access, data breaches, or compromise of workloads running on the cluster.
Resolution
Enable auto upgrades on the cluster and, when they are enabled, set the maintenance policy explicitly so that upgrades run in a deterministic window.
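The weak setting beside the corrected one, as an added Terraform example that is not part of the original wiki entry. The resource names, region, version prefix, node size and maintenance window are constructed values; `auto_upgrade` and `maintenance_policy` are arguments of the DigitalOcean provider's `digitalocean_kubernetes_cluster` resource.

```hcl
# Constructed example: resolve the newest patch release for a minor version,
# so the pinned version does not fight with automatic upgrades.
data "digitalocean_kubernetes_versions" "current" {
  version_prefix = "1.30." # constructed value
}

# Flagged: auto_upgrade is omitted, so the cluster stays on the version it
# was created with until someone upgrades it by hand.
resource "digitalocean_kubernetes_cluster" "flagged" {
  name    = "example-flagged"
  region  = "nyc1"
  version = data.digitalocean_kubernetes_versions.current.latest_version

  node_pool {
    name       = "default"
    size       = "s-2vcpu-4gb"
    node_count = 3
  }
}

# Corrected: auto upgrades are on, and the maintenance window is stated
# explicitly so patch upgrades start at a known day and time.
resource "digitalocean_kubernetes_cluster" "corrected" {
  name         = "example-corrected"
  region       = "nyc1"
  version      = data.digitalocean_kubernetes_versions.current.latest_version
  auto_upgrade = true

  maintenance_policy {
    day        = "sunday"
    start_time = "04:00" # 24-hour clock, UTC
  }

  node_pool {
    name       = "default"
    size       = "s-2vcpu-4gb"
    node_count = 3
  }
}
```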