CRITICAL
Source
Kube Hunter
ID
KHV031

Etcd Remote Write Access Event

Etcd (Kubernetes’ Database) is writable without authentication. This gives full control of your Kubernetes cluster to an attacker with access to etcd.

Ensure your etcd is accepting connections only from the Kubernetes API, using the --trusted-ca-file etcd flag. This is usually done by the installer, or cloud platform.