TF 0333 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Do not allow impersonation of privileged groups

Property Value
Language terraform
Severity critical

Description

Roles are configured to allow impersonation of privileged groups, enabling users to assume high-level permissions they were not intended to have. This misconfiguration bypasses intended access controls and violates least privilege principles.

Impact

If exploited, attackers or unauthorized users could gain privileged access, perform administrative actions, escalate their privileges, or compromise sensitive resources within the Kubernetes cluster, leading to a potential full cluster takeover or severe data breaches.

Resolution

Create a role that does not permit impersonation of privileged groups unless it is needed.
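The following Terraform shows the flagged pattern beside two ways to correct it. It is an added example, not taken from the rule database. It assumes the Terraform Kubernetes provider's `kubernetes_cluster_role` resource, and all role and group names are hypothetical.

```hcl
# Constructed example: every role and group name here is a placeholder.

# Non-compliant: with no resource_names, the holder may impersonate ANY
# group, including built-in privileged ones such as system:masters.
resource "kubernetes_cluster_role" "impersonate_any_group" {
  metadata {
    name = "impersonate-any-group"
  }

  rule {
    api_groups = [""]
    resources  = ["groups"]
    verbs      = ["impersonate"]
  }
}

# Compliant: impersonation is not needed, so the role grants only the
# read access the workload requires and omits the impersonate verb.
resource "kubernetes_cluster_role" "pod_reader" {
  metadata {
    name = "pod-reader"
  }

  rule {
    api_groups = [""]
    resources  = ["pods"]
    verbs      = ["get", "list", "watch"]
  }
}

# Where impersonation is genuinely required: pin it to one named,
# non-privileged group with resource_names instead of all groups.
resource "kubernetes_cluster_role" "impersonate_support_group" {
  metadata {
    name = "impersonate-support-readonly"
  }

  rule {
    api_groups     = [""]
    resources      = ["groups"]
    verbs          = ["impersonate"]
    resource_names = ["support-readonly"] # hypothetical low-privilege group
  }
}
```

Whether the scoped third form still triggers this rule depends on the scanner's matching logic, which the page does not specify. Existing bindings can be reviewed with `kubectl auth can-i impersonate groups --as=<subject>`.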