C-0265 - system:authenticated user has elevated roles

Framework

security, ClusterScan, AllControls

Severity

High

Description of the the issue

Granting permissions to the system:authenticated group is generally not recommended and can introduce security risks. This control ensures that system:authenticated users do not have cluster risking permissions.

Related resources

ClusterRole, ClusterRoleBinding, Role, RoleBinding

What does this control test

Checks if ClusterRoleBinding/RoleBinding resources give permissions to system:authenticated group.

Remediation

Review and modify your cluster's RBAC configuration to ensure that system:authenticated will have minimal permissions.

Example

No example