C-0035 - Administrative Roles

Framework

ClusterScan, security, MITRE, ArmoBest, SOC2, NSA, AllControls

Severity

Medium

Description of the the issue

Role-based access control (RBAC) is a key security feature in Kubernetes. RBAC can restrict the allowed actions of the various identities in the cluster. Cluster-admin is a built-in high privileged role in Kubernetes. Attackers who have permissions to create bindings and cluster-bindings in the cluster can create a binding to the cluster-admin ClusterRole or to other high privileges roles.

Related resources

ClusterRole, ClusterRoleBinding, Role, RoleBinding

What does this control test

Check which subjects have cluster-admin RBAC permissions – either by being bound to the cluster-admin clusterrole, or by having equivalent high privileges.

Remediation

You should apply least privilege principle. Make sure cluster admin permissions are granted only when it is absolutely necessary. Don't use subjects with such high permissions for daily operations.

Example

No example