C-0014 - Access Kubernetes dashboard
Framework
MITRE, AllControls
Severity
Low
Description of the the issue
The Kubernetes dashboard is a web-based UI that is used for monitoring and managing the Kubernetes cluster. The dashboard allows users to perform actions in the cluster using its service account (Kubernetes-dashboard) with the permissions that are determined by the binding or cluster-binding for this service account. Attackers who gain access to a container in the cluster, can use its network access to the dashboard pod. Consequently, attackers may retrieve information about the various resources in the cluster using the dashboard’s identity.
Related resources
ClusterRole, ClusterRoleBinding, CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, Role, RoleBinding, StatefulSet
What does this control test
Check who is associated with the dashboard service account or bound to dashboard role/clusterrole.
Remediation
Make sure that the “Kubernetes Dashboard” service account is only bound to the Kubernetes dashboard following the least privilege principle.
Example
No example
Updated 11 days ago