H3-2022-0083¶

Anonymous Access to the Kubernetes Dashboard

Description¶

The Kubernetes Dashboard is accessible to anonymous (unauthenticated) users.

Impact¶

Open access to the Kubernetes Dashboard allows attackers to gain valuable insight about the cluster, access secrets, and potentially create new resources, leading to remote code execution within the cluster.

References¶

• Kubernetes Dashboard Documentation
• Kubernetes Dashboard, Is It Secure
• MITRE ATT&CK Technique: T1613: Container and Resource Discovery