Kube-hunter hunts for security weaknesses in Kubernetes clusters
Kubernetes API was accessed with Pod Service Account or without Authentication (see report message for details).
Secure access to your Kubernetes API.
It is recommended to explicitly specify a Service Account for all of your workloads (serviceAccountName in Pod.spec), and manage their permissions according to the least privilege principle.
Consider opting out of automatic mounting of the SA token using automountServiceAccountToken: false on the ServiceAccount resource or Pod.spec.
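
To find the workloads this advice applies to, the following added example (not part of kube-hunter) audits a JSON listing in the shape of `kubectl get serviceaccounts,pods -A -o json`. It assumes standard Kubernetes behaviour, where a value set in Pod.spec overrides the ServiceAccount and the token is mounted when neither sets the field; the `shop` namespace and all object names are constructed sample data.

```python
import json

# Constructed sample in the shape of `kubectl get serviceaccounts,pods -A -o json`.
SAMPLE = json.loads("""
{"items": [
 {"kind": "ServiceAccount", "metadata": {"namespace": "shop", "name": "default"}},
 {"kind": "ServiceAccount", "metadata": {"namespace": "shop", "name": "orders"},
  "automountServiceAccountToken": false},
 {"kind": "Pod", "metadata": {"namespace": "shop", "name": "web"},
  "spec": {"serviceAccountName": "default"}},
 {"kind": "Pod", "metadata": {"namespace": "shop", "name": "orders-api"},
  "spec": {"serviceAccountName": "orders"}},
 {"kind": "Pod", "metadata": {"namespace": "shop", "name": "orders-sync"},
  "spec": {"serviceAccountName": "orders", "automountServiceAccountToken": true}}
]}
""")


def token_mounted(pod_spec, sa):
    """Pod.spec wins over the ServiceAccount; if neither sets it, the token is mounted."""
    for value in (pod_spec.get("automountServiceAccountToken"),
                  (sa or {}).get("automountServiceAccountToken")):
        if value is not None:
            return value
    return True


def audit(listing):
    """Return (namespace, pod, issue) tuples for pods to review against the advice above."""
    items = listing.get("items", [])
    sas = {(i["metadata"]["namespace"], i["metadata"]["name"]): i
           for i in items if i.get("kind") == "ServiceAccount"}
    findings = []
    for pod in (i for i in items if i.get("kind") == "Pod"):
        ns, name = pod["metadata"]["namespace"], pod["metadata"]["name"]
        spec = pod.get("spec", {})
        sa_name = spec.get("serviceAccountName") or "default"
        if sa_name == "default":
            findings.append((ns, name, "no explicit service account"))
        if token_mounted(spec, sas.get((ns, sa_name))):
            findings.append((ns, name, "service account token is mounted"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

A mounted token is a finding to review rather than a defect in itself: workloads that call the Kubernetes API need one, and those should run under a dedicated Service Account with narrowly scoped permissions.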