TF 0059 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Legacy ABAC permissions are enabled.
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | gke |
| Provider | |
| Vulnerability Type | misconfiguration |
Description
The configuration enables legacy Attribute-Based Access Control (ABAC) in GKE clusters, which relies on broad, attribute-based permissions rather than the more secure, fine-grained Role-Based Access Control (RBAC). This increases the risk of granting excessive privileges to users or services.
Impact
If exploited, attackers or unauthorized users could obtain permissions beyond what is necessary, potentially leading to unauthorized access, privilege escalation, or compromise of cluster resources and sensitive data.
Resolution
Disable legacy ABAC on the cluster and switch to using RBAC permissions.
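
The flagged setting next to the corrected one, as an added example that is not part of the original wiki entry. It assumes the cluster is managed with Terraform's `google_container_cluster` resource and that the Kubernetes provider is already configured against it; all resource names, the location and the user address are constructed placeholders.

```hcl
# Flagged: enable_legacy_abac = true turns on legacy ABAC authorization.
resource "google_container_cluster" "flagged" {
  name               = "example-flagged" # placeholder
  location           = "us-central1"     # placeholder
  initial_node_count = 1

  enable_legacy_abac = true
}

# Corrected: legacy ABAC is explicitly disabled, so access inside the
# cluster is granted only through RBAC roles and bindings.
resource "google_container_cluster" "hardened" {
  name               = "example-hardened" # placeholder
  location           = "us-central1"      # placeholder
  initial_node_count = 1

  enable_legacy_abac = false
}

# RBAC replacement for a broad ABAC grant: a namespace-scoped,
# read-only role limited to pods.
resource "kubernetes_role" "pod_reader" {
  metadata {
    name      = "pod-reader"
    namespace = "default"
  }
  rule {
    api_groups = [""]
    resources  = ["pods"]
    verbs      = ["get", "list", "watch"]
  }
}

# Bind the role to one named subject instead of granting by attribute.
resource "kubernetes_role_binding" "pod_reader" {
  metadata {
    name      = "pod-reader-binding"
    namespace = "default"
  }
  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "Role"
    name      = kubernetes_role.pod_reader.metadata[0].name
  }
  subject {
    kind      = "User"
    name      = "reader@example.com" # placeholder identity
    api_group = "rbac.authorization.k8s.io"
  }
}
```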