TF 0501 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Manage all resources
Property | Value |
---|---|
Language | |
Severity | |
Vulnerability Type | omission |
Description
Granting a Kubernetes ClusterRole permission to manage all resources using a wildcard ('*') gives full control over every resource in the cluster. This approach bypasses the principle of least privilege and allows unrestricted access.
Impact
An attacker who controls an identity bound to this ClusterRole could gain root access on all cluster nodes, access and modify any pod, secret, or data, and potentially disrupt or take over the entire Kubernetes environment, leading to severe data breaches or service outages.
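One way to check for the wildcard grant described above is sketched below. This is an added example, not code from the vulnerability database. The function name, the role names and the sample manifest are constructed, and the check assumes input shaped like `kubectl get clusterroles -o json` output.

```python
import json

# Verbs that change cluster state; "*" grants all of them.
WRITE_VERBS = {"*", "create", "update", "patch", "delete", "deletecollection"}

# Constructed sample, shaped like `kubectl get clusterroles -o json` output.
SAMPLE = json.dumps({
    "kind": "List",
    "items": [
        {"kind": "ClusterRole", "metadata": {"name": "ops-admin"},
         "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
        {"kind": "ClusterRole", "metadata": {"name": "audit-view"},
         "rules": [{"apiGroups": [""], "resources": ["*"],
                    "verbs": ["get", "list"]}]},
        {"kind": "ClusterRole", "metadata": {"name": "deploy-bot"},
         "rules": [{"apiGroups": ["apps"], "resources": ["deployments"],
                    "verbs": ["get", "patch"]},
                   {"nonResourceURLs": ["/healthz"], "verbs": ["get"]}]},
    ],
})


def find_wildcard_rules(manifest_json):
    """Return (role, rule_index, level) for each rule whose resources include '*'."""
    doc = json.loads(manifest_json)
    # Accept either a single ClusterRole object or a List wrapper.
    roles = doc.get("items", []) if doc.get("kind") == "List" else [doc]
    findings = []
    for role in roles:
        if role.get("kind") != "ClusterRole":
            continue
        name = role.get("metadata", {}).get("name", "<unnamed>")
        # Aggregated roles may carry "rules": null, hence the `or []`.
        for idx, rule in enumerate(role.get("rules") or []):
            # nonResourceURLs rules have no "resources" key and are skipped.
            if "*" not in rule.get("resources", []):
                continue
            verbs = set(rule.get("verbs", []))
            level = "manage" if verbs & WRITE_VERBS else "read-only"
            findings.append((name, idx, level))
    return findings


if __name__ == "__main__":
    for name, idx, level in find_wildcard_rules(SAMPLE):
        print(f"{name}: rules[{idx}] uses resources ['*'] ({level})")
```

A "manage" finding matches the case this entry describes; a "read-only" finding still exposes every resource type, Secrets included, to reads.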