C-0262 - Anonymous user has RoleBinding
Framework
ClusterScan, security, AllControls
Severity
High
Description of the the issue
Granting permissions to the system:unauthenticated or system:anonymous user is generally not recommended and can introduce security risks. Allowing unauthenticated access to your Kubernetes cluster can lead to unauthorized access, potential data breaches, and abuse of cluster resources.
Related resources
ClusterRoleBinding, RoleBinding
What does this control test
Checks if ClusterRoleBinding/RoleBinding resources give permissions to anonymous user. Also checks in the apiserver if the --anonymous-auth flag is set to false
Remediation
Review and modify your cluster's RBAC configuration to ensure that only authenticated and authorized users have appropriate permissions based on their roles and responsibilities within your system.
Example
No example
Updated 9 days ago