C-0262 - Anonymous user has RoleBinding

Framework

AllControls, security, ClusterScan

Severity

High

Description of the the issue

Granting permissions to the system:unauthenticated or system:anonymous user is generally not recommended and can introduce security risks. Allowing unauthenticated access to your Kubernetes cluster can lead to unauthorized access, potential data breaches, and abuse of cluster resources.

Related resources

ClusterRoleBinding, RoleBinding

What does this control test

Checks if ClusterRoleBinding/RoleBinding resources give permissions to anonymous user. Also checks in the apiserver if the --anonymous-auth flag is set to false

Remediation

Review and modify your cluster's RBAC configuration to ensure that only authenticated and authorized users have appropriate permissions based on their roles and responsibilities within your system.

Example

No example