TF 0126 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Checks for service account defined for GKE nodes
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | gke |
| Provider | |
| Vulnerability Type | omission |
Description
GKE node pools are configured to use the default Compute Engine service account instead of a minimally privileged, custom service account. This setup grants nodes broader permissions than necessary, increasing exposure to potential misuse.
Impact
If compromised, nodes with overly permissive service accounts could allow attackers to access or manipulate other Google Cloud resources, leading to data breaches, privilege escalation, or unauthorized resource usage across the environment.
Resolution
Run node pools under a dedicated, minimally privileged service account instead of the default Compute Engine service account, granting it only the IAM roles the nodes actually need.
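Added example (not part of the database entry): the misconfiguration beside a hardened form in Terraform. The cluster reference `google_container_cluster.primary`, `var.project_id`, the account id and the machine type are assumed names; the role set is Google's documented minimal set for node logging and monitoring.

```hcl
# Weak: service_account is omitted, so the nodes run as the
# default Compute Engine service account (the omission this check flags).
resource "google_container_node_pool" "weak" {
  name       = "weak-pool"
  cluster    = google_container_cluster.primary.id # assumed cluster resource
  node_count = 1

  node_config {
    machine_type = "e2-standard-2"
    # no service_account -> default Compute Engine SA
  }
}

# Hardened: a dedicated service account that carries no project roles
# beyond what GKE nodes need to ship logs and metrics.
resource "google_service_account" "gke_nodes" {
  account_id   = "gke-node-sa" # assumed name
  display_name = "GKE node pool service account"
}

# Permissions are bounded by IAM roles on the SA, not by OAuth scopes.
resource "google_project_iam_member" "gke_node_roles" {
  for_each = toset([
    "roles/logging.logWriter",
    "roles/monitoring.metricWriter",
    "roles/monitoring.viewer",
  ])
  project = var.project_id # assumed variable
  role    = each.value
  member  = "serviceAccount:${google_service_account.gke_nodes.email}"
}

resource "google_container_node_pool" "hardened" {
  name       = "hardened-pool"
  cluster    = google_container_cluster.primary.id
  node_count = 1

  node_config {
    machine_type    = "e2-standard-2"
    service_account = google_service_account.gke_nodes.email
    # The broad scope is fine here because the SA's IAM roles are the
    # effective limit; narrow scopes on the default SA would not be.
    oauth_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
  }
}
```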