Etcd (Kubernetes’ Database) is writable without authentication. This gives full control of your Kubernetes cluster to an attacker with access to etcd.
Ensure your etcd is accepting connections only from the Kubernetes API, using the
--trusted-ca-file etcd flag. This is usually done by the installer, or cloud platform.