H3-2022-0026
Unauthenticated Access to Kubeflow
Category | SECURITY_MISCONFIGURATION |
Base Score | 9.8 |
Description
The Kubeflow application requires no authentication to configure and deploy containers.
Impact
An unauthenticated attacker can access all functionality of Kubeflow to extract sensitive data from existing containers and even deploy new containers to launch crypto-mining attacks.