TF 0320 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
User with admin access
Property | Value |
---|---|
Language | |
Severity | |
Vulnerability Type | misconfiguration |
Description
Binding users or service accounts to the built-in 'cluster-admin', 'admin' or 'edit' ClusterRoles grants broad, largely unrestricted permissions over cluster resources, which violates the principle of least privilege. 'cluster-admin' is unrestricted across the whole cluster; 'admin' and 'edit' allow read and write access to most namespaced resources (including Secrets) and, when bound through a ClusterRoleBinding, apply in every namespace.
Impact
If the credentials of a subject holding one of these roles are compromised, the attacker can read Secrets and modify or delete workloads and other cluster resources, which can lead to unauthorized access, data loss, or full compromise of the cluster.
Resolution
Remove the binding to the ClusterRole 'cluster-admin', 'admin' or 'edit' and instead grant the subject a namespaced Role (or a purpose-built ClusterRole) limited to the API groups, resources and verbs it actually needs, bound with a RoleBinding scoped to the namespace it operates in.
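As an added illustration (not code from the Symbiotic database or its rule implementation), the Terraform below shows a binding that this check would flag next to a least-privilege replacement using the Kubernetes provider. The resource names, the 'ci' and 'apps' namespaces and the 'ci-deployer' service account are assumed for the example.

```hcl
# Flagged: the service account gets the built-in cluster-admin ClusterRole
# through a ClusterRoleBinding, so it can do anything anywhere in the cluster.
resource "kubernetes_cluster_role_binding" "ci_admin" {
  metadata {
    name = "ci-cluster-admin"
  }
  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "ClusterRole"
    name      = "cluster-admin"
  }
  subject {
    kind      = "ServiceAccount"
    name      = "ci-deployer"   # assumed subject
    namespace = "ci"            # assumed namespace
  }
}

# Remediated: a namespaced Role that lists only the resources and verbs the
# deployer needs, bound with a RoleBinding so it applies in "apps" only.
resource "kubernetes_role" "deployer" {
  metadata {
    name      = "deployer"
    namespace = "apps"          # assumed target namespace
  }
  rule {
    api_groups = ["apps"]
    resources  = ["deployments"]
    verbs      = ["get", "list", "watch", "update", "patch"]
  }
  rule {
    api_groups = [""]
    resources  = ["pods"]
    verbs      = ["get", "list", "watch"]
  }
}

resource "kubernetes_role_binding" "deployer" {
  metadata {
    name      = "deployer"
    namespace = "apps"
  }
  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "Role"
    name      = kubernetes_role.deployer.metadata[0].name
  }
  subject {
    kind      = "ServiceAccount"
    name      = "ci-deployer"
    namespace = "ci"
  }
}
```

A RoleBinding may reference a ClusterRole too, which scopes that ClusterRole's permissions to the binding's namespace; binding 'admin' or 'edit' that way is still broad within the namespace, so prefer a Role whose rules you can read in full.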