Trail of Bits

Linkerd

Type

Security review

Client

The Linux Foundation

Date

2022-02

Domain

Supply Chain

Effort

Section

Trail of Bits' security review of Linkerd for The Linux Foundation (Feb 2022) identified 14 issues: 3 medium, 8 low, and 3 informational.

Findings · 14

  1. Lack of rate-limiting mechanisms in the identity service (Low)
  2. Lack of rate-limiting mechanisms in the destination service (Low)
  3. CLI tool allows the use of insecure protocols when externally sourcing infrastructure definitions (Medium)
  4. Exposure of admin endpoint may affect application availability (Medium)
  5. Go's pprof endpoints enabled by default in all admin servers (Informational)
  6. Lack of access controls on the linkerd-viz dashboard (Low)
  7. Prometheus endpoints reachable from the user application namespace (Low)
  8. Lack of egress access controls (Low)
  9. Prometheus endpoints are unencrypted and unauthenticated by default (Low)
  10. Shared identity and destination services in a cluster pose risks to multi-application clusters (Medium)
  11. Lack of isolation between components and their sidecar proxies (Low)
  12. Lack of centralized security best practices documentation (Informational)
  13. Unclear distinction between Linkerd and Linkerd2 in official Linkerd blog post guidance (Informational)
  14. Insufficient logging of outbound HTTPS calls (Low)

Findings extracted from the published report PDF. See the full report below for details and remediation.
