TF 0297 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Ensure RBAC is enabled on AKS clusters
Property | Value |
---|---|
Language | |
Severity | |
Service | container |
Provider | Azure |
Vulnerability Type | omission |
Description
The AKS cluster is deployed without Kubernetes Role-Based Access Control (RBAC) enabled, so access to cluster resources is not restricted by the roles and permissions assigned to users and service accounts. This configuration bypasses Kubernetes' granular access control mechanisms.
Impact
Without RBAC, any authenticated user or service can perform potentially harmful operations on the cluster, such as modifying workloads, accessing sensitive data, or disrupting services. This significantly increases the risk of privilege escalation, data breaches, and unauthorized changes to the Kubernetes environment.
Resolution
Enable Kubernetes RBAC on the cluster (the setting cannot be changed after the cluster is created, so a non-compliant cluster must be recreated with RBAC enabled).
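The following Terraform snippet is an added example, not code from the Symbiotic database, showing the non-compliant `azurerm_kubernetes_cluster` definition this check flags beside the remediated one. It assumes the azurerm provider v3+ argument `role_based_access_control_enabled`; the resource group, cluster and node pool names are placeholders.

```hcl
# NON-COMPLIANT: RBAC explicitly disabled (or omitted on older provider versions
# where the default was not enforced). Any authenticated identity gets full access.
resource "azurerm_kubernetes_cluster" "insecure" {
  name                = "example-aks-insecure"   # placeholder
  location            = "eastus"
  resource_group_name = "example-rg"             # placeholder
  dns_prefix          = "exampleaks"

  role_based_access_control_enabled = false

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_D2_v2"
  }

  identity {
    type = "SystemAssigned"
  }
}

# COMPLIANT: RBAC enabled, so kubeconfig identities are limited to the
# Roles/ClusterRoles bound to them. Set explicitly rather than relying on the
# provider default, so policy scanners can verify the intent in source.
resource "azurerm_kubernetes_cluster" "secure" {
  name                = "example-aks-secure"     # placeholder
  location            = "eastus"
  resource_group_name = "example-rg"             # placeholder
  dns_prefix          = "exampleaks"

  role_based_access_control_enabled = true

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_D2_v2"
  }

  identity {
    type = "SystemAssigned"
  }
}
```

Because the RBAC flag is immutable after creation, changing `false` to `true` in an existing definition causes Terraform to plan a destroy-and-recreate of the cluster; review that plan before applying.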