H3-2021-0006¶

Unauthenticated Kubernetes API Server Access

Description¶

The Kubernetes API Server port is accessible to anonymous (unauthenticated) users.

Impact¶

An attacker could make requests to the API server to access sensitive information such as running pods and secrets. Depending on the level of access, attackers may be able to fully compromise the cluster.

References¶

• Configure Service Accounts for Pods
• Using RBAC Authorization
• CIS Benchmarks: Securing Kubernetes
• MITRE ATT&CK Technique: T1609: Container Administration Command
• MITRE ATT&CK Technique: T1613: Container and Resource Discovery