Logo

Kube-hunter hunts for security weaknesses in Kubernetes clusters

View the Project on GitHub aquasecurity/kube-hunter

Lookup Vulnerability
All vulnerabilies

KHV032 - Etcd Remote Read Access Event

Issue description

Etcd (Kubernetes’ Database) is accessible without authentication. This exposes the entire state of your Kubernetes cluster to the reader.

Remediation

Ensure your etcd is accepting connections only from the Kubernetes API, using the --trusted-ca-file etcd flag. This is usually done by the installer, or cloud platform.

References