Researchers warn that hundreds of organizations and open-source projects are vulnerable to public exposure of Kubernetes configuration secrets.
Kubernetes secrets are often stored unencrypted in the API server's underlying datastore, making them vulnerable to attacks.
The research uncovered instances in public repositories where Kubernetes secrets were inadvertently uploaded, affecting individuals, open-source projects, and large organizations. [ more ]