Kubernetes info API access
Medium Nessus Plugin ID 110767
SynopsisKubernetes allows unauthenticated information disclosure via API access on port 10255 if not configured properly.
DescriptionA remote, unauthenticated attacker is able to access read only API on port 10255 (http) This API gives access to data of varying sensitivity
SolutionOnly allow localhost connections, set up firewall and authentication.