SYM_CONF_0189 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-284: Improper Access Control |
OWASP | A05:2017 - Broken Access Control |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
Legacy Attribute-Based Access Control (ABAC) authorization is enabled on this GKE cluster. Legacy ABAC is a deprecated Kubernetes authorization mode driven by a static policy file that cluster operators cannot scope down, and it grants broad, cluster-wide permissions. It does not replace RBAC: when both modes are enabled, the API server authorizes a request if either authorizer allows it, so any permission granted by the legacy ABAC policy is honoured no matter how tightly RBAC roles and bindings have been scoped. GKE exposes this as the `legacyAbac.enabled` cluster setting (`--enable-legacy-authorization` in gcloud); it should be disabled so that RBAC is the only authorizer.
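The check a practitioner would run for this finding, as an added example that is not part of the Symbiotic database entry or of any GKE tooling: it reads the JSON that `gcloud container clusters list --format=json` returns, flags every cluster whose `legacyAbac.enabled` field is set, and prints the `gcloud container clusters update ... --no-enable-legacy-authorization` command that turns it off. The field names are the real GKE API ones; the three cluster records (`prod-a`, `prod-b`, `dev` and their locations) are constructed so the script runs offline.

```python
"""Find GKE clusters that still have legacy ABAC enabled and print the fix.

Added example, not code from the Symbiotic database or from Google.
Input is the JSON produced by `gcloud container clusters list --format=json`;
the cluster records below are constructed for this example.
"""
import json

# Constructed sample, shaped like `gcloud container clusters list --format=json`.
# Only the fields the check needs are included.
SAMPLE_CLUSTER_LIST = json.dumps([
    {"name": "prod-a", "location": "us-central1", "legacyAbac": {"enabled": True}},
    {"name": "prod-b", "location": "us-central1-a", "legacyAbac": {}},
    {"name": "dev", "location": "europe-west1"},  # block absent: ABAC is off
])


def legacy_abac_enabled(cluster: dict) -> bool:
    """True when the cluster's `legacyAbac.enabled` flag is set.

    The API may omit `enabled` (or the whole `legacyAbac` block) when legacy
    authorization is off, so a missing key is treated as disabled.
    """
    return bool(cluster.get("legacyAbac", {}).get("enabled", False))


def find_legacy_abac_clusters(cluster_list_json: str) -> list:
    """Return (name, location) for every cluster with legacy ABAC enabled."""
    clusters = json.loads(cluster_list_json)
    return [(c["name"], c["location"]) for c in clusters if legacy_abac_enabled(c)]


def remediation_command(name: str, location: str) -> str:
    """gcloud command that disables legacy authorization on one cluster."""
    return (f"gcloud container clusters update {name} --location {location} "
            "--no-enable-legacy-authorization")


if __name__ == "__main__":
    # Real use: replace SAMPLE_CLUSTER_LIST with the output of
    #   gcloud container clusters list --format=json
    for name, loc in find_legacy_abac_clusters(SAMPLE_CLUSTER_LIST):
        print(f"{name} ({loc}): legacy ABAC enabled")
        print("  fix:", remediation_command(name, loc))
```

Disabling legacy authorization only removes the ABAC authorizer; it does not create RBAC bindings, so confirm that the workloads and operators on the cluster have the RBAC roles they need before applying the update.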
Impact
Any principal covered by the legacy ABAC policy holds the permissions it grants even where RBAC would deny them. An attacker who obtains the credentials of such a principal, or a legitimate user whose RBAC role was meant to be narrow, can therefore read, modify, or delete cluster resources and tamper with workloads beyond what RBAC alone would allow. This erodes the cluster's authorization boundary and raises the likelihood of data exposure, privilege escalation, and service disruption.