The Compute Engine instance metadata server exposes legacy v0.1 and v1beta1 endpoints, which do not enforce metadata query headers.

Enforcing these headers is a feature of the v1 APIs that makes it more difficult for a potential attacker to retrieve instance metadata.

Unless specifically required, we recommend you disable these legacy APIs.

When setting the <code>metadata</code> block, the default value for <code>disable-legacy-endpoints</code> is true; the legacy endpoints should not be explicitly enabled.

### Impact
Legacy metadata endpoints don't require metadata headers

<!-- DO NOT CHANGE -->
{{ remediationActions }}

### Links
- https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#protect_node_metadata_default_for_112
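One way to audit a running cluster for the `disable-legacy-endpoints` setting described above. This is an added example, not defsec's own rule code. It assumes the cluster JSON has the shape returned by `gcloud container clusters describe --format=json` (node pool metadata under `nodePools[].config.metadata`); the sample cluster and pool names are constructed, and a missing key is treated as the default (`true`), as the text above states.

```python
import json

KEY = "disable-legacy-endpoints"

# Constructed sample, shaped like `gcloud container clusters describe --format=json`.
SAMPLE_CLUSTER = json.loads("""
{
  "name": "demo-cluster",
  "nodePools": [
    {"name": "default-pool", "config": {"metadata": {"disable-legacy-endpoints": "true"}}},
    {"name": "legacy-pool",  "config": {"metadata": {"disable-legacy-endpoints": "false"}}},
    {"name": "batch-pool",   "config": {"metadata": {"team": "batch"}}},
    {"name": "bare-pool",    "config": {}}
  ]
}
""")


def classify(metadata):
    """Classify one node pool's metadata map.

    'disabled' -> key explicitly set to true (legacy endpoints off)
    'default'  -> key absent; relies on the default noted in the text above
    'enabled'  -> key set to anything other than true (treated as a failure)
    """
    if not metadata or KEY not in metadata:
        return "default"
    value = str(metadata[KEY]).strip().lower()
    return "disabled" if value == "true" else "enabled"


def audit_cluster(cluster):
    """Return a list of (pool_name, status) tuples for every node pool."""
    results = []
    for pool in cluster.get("nodePools", []):
        metadata = (pool.get("config") or {}).get("metadata")
        results.append((pool.get("name", "<unnamed>"), classify(metadata)))
    return results


def failing_pools(cluster):
    """Names of node pools where the legacy endpoints were explicitly enabled."""
    return [name for name, status in audit_cluster(cluster) if status == "enabled"]


if __name__ == "__main__":
    for name, status in audit_cluster(SAMPLE_CLUSTER):
        print(f"{name:14} legacy endpoints: {status}")
    print("FAIL:", failing_pools(SAMPLE_CLUSTER))
```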