TF 0505 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Anonymous user access binding

| Property | Value |
|----------|-------|
| Language | terraform |
| Severity | critical |

Description

The configuration binds a Kubernetes Role or ClusterRole to the anonymous user. When the API server accepts anonymous requests (the kube-apiserver default, `--anonymous-auth=true`), every request that carries no valid credential is authenticated as the user `system:anonymous` in the group `system:unauthenticated`. A RoleBinding or ClusterRoleBinding whose subject is that user, or that group, therefore hands the bound permissions to anyone who can reach the API server: RBAC still runs, but it is evaluating an identity that everybody holds, so the authentication layer is effectively bypassed for those operations. The only such binding a stock cluster ships with is `system:public-info-viewer`, which exposes nothing beyond non-resource paths such as `/healthz` and `/version`; any other binding to these subjects is a finding.

Impact

Anyone with network reach to the API server, which for many clusters means the public internet, obtains whatever the bound role allows without presenting a credential. A role that can read Secrets exposes every credential stored in the cluster; a role that can create Pods, patch workloads or create bindings (or `cluster-admin` itself) is a complete cluster takeover. Depending on the role, the outcome is data exposure, service disruption, privilege escalation, or full cluster compromise. Because the caller never authenticated, audit logs attribute the activity only to `system:anonymous`, so attribution after the fact is lost as well.

Resolution

Remove `system:anonymous` (and the `system:unauthenticated` group) from the `subject` blocks of every `kubernetes_cluster_role_binding` and `kubernetes_role_binding`, and bind the role to the specific ServiceAccount, user or group that actually needs it, using a namespaced Role rather than a ClusterRole wherever cluster-wide scope is not required. Where nothing legitimately needs anonymous access and you control the control plane, also disable it at the API server with `--anonymous-auth=false`; note that this turns unauthenticated probes of `/healthz` and `/readyz` into 401 responses, so confirm that load balancer health checks still pass or switch them to authenticated probes first. After applying, verify from a kubeconfig with impersonation rights that `kubectl auth can-i --list --as=system:anonymous --as-group=system:unauthenticated` reports nothing beyond the non-resource URLs that `system:public-info-viewer` permits.
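The flagged pattern and its remediation side by side, as an added example that is not taken from the Symbiotic Vulnerability Database or any SymbioticSec code. It assumes the hashicorp/kubernetes Terraform provider; the resource names, the `reports` namespace and the `report-reader` identity are hypothetical, and the binding is deliberately reduced from a cluster-wide ClusterRoleBinding to a namespaced RoleBinding on a single ServiceAccount.

```hcl
terraform {
  required_providers {
    kubernetes = {
      source = "hashicorp/kubernetes" # assumed provider
    }
  }
}

# --- Flagged by this check: the subject is the identity that every
# unauthenticated request carries, so anyone able to reach the API server
# can now use the "view" ClusterRole across every namespace.
resource "kubernetes_cluster_role_binding" "anonymous_viewer" {
  metadata {
    name = "anonymous-viewer" # hypothetical name
  }

  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "ClusterRole"
    name      = "view"
  }

  subject {
    api_group = "rbac.authorization.k8s.io"
    kind      = "User"
    name      = "system:anonymous" # the finding; kind = "Group" with
  }                                 # name = "system:unauthenticated" is equivalent
}

# --- Remediated: a dedicated ServiceAccount, a namespaced Role carrying only
# the verbs the workload needs, and a RoleBinding whose sole subject is that
# ServiceAccount. Unauthenticated callers no longer match any binding.
resource "kubernetes_service_account" "report_reader" {
  metadata {
    name      = "report-reader" # hypothetical identity
    namespace = "reports"       # hypothetical namespace
  }
}

resource "kubernetes_role" "report_reader" {
  metadata {
    name      = "report-reader"
    namespace = "reports"
  }

  # Read-only access to ConfigMaps in this namespace only; no Secrets, no writes.
  rule {
    api_groups = [""]
    resources  = ["configmaps"]
    verbs      = ["get", "list"]
  }
}

resource "kubernetes_role_binding" "report_reader" {
  metadata {
    name      = "report-reader"
    namespace = "reports"
  }

  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "Role"
    name      = kubernetes_role.report_reader.metadata[0].name
  }

  # ServiceAccount subjects take a namespace and no api_group.
  subject {
    kind      = "ServiceAccount"
    name      = kubernetes_service_account.report_reader.metadata[0].name
    namespace = kubernetes_service_account.report_reader.metadata[0].namespace
  }
}
```

Delete the `anonymous_viewer` resource rather than editing its subject in place: a binding whose only purpose was anonymous access has no legitimate subject to swap in, and removing it from state with `terraform apply` also removes the live ClusterRoleBinding from the cluster.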