The kubelet is configured to allow anonymous (unauthenticated) requests to it’s HTTP api. This may expose certein information, and capabilities to an attacker with access to the kubelet API.
Ensure kubelet is protected using
--anonymous-auth=false kubelet flag. Allow only legitimate users using
--authentication-token-webhook kubelet flags. This is usually done by the installer or cloud proider.