The Kubernetes cluster contains security misconfigurations such as exposed dashboard without authentication, overly permissive RBAC policies, or insecure pod security settings.
An attacker could gain unauthorized access to the cluster, deploy malicious workloads, access secrets, move laterally between namespaces, or compromise the entire container orchestration infrastructure.
Enable and enforce RBAC with least-privilege policies. Restrict dashboard access and require authentication. Implement Pod Security Standards. Use network policies to restrict pod-to-pod communication. Enable audit logging and monitoring.