C-0267 - Workload with cluster takeover roles

Framework

security

Severity

Medium

Description of the issue

In Kubernetes, workloads with overly permissive roles pose a significant security risk. When a workload is granted roles that exceed the necessities of its operation, it creates an attack surface for privilege escalation within the cluster. This is especially critical if the roles include permissions for creating, updating, or accessing sensitive resources or secrets. An attacker exploiting such a workload can leverage these excessive privileges to perform unauthorized actions, potentially leading to a full cluster takeover. Ensuring that each service account associated with a workload is limited to permissions that are strictly necessary for its function is crucial in mitigating the risk of cluster takeovers.

Related resources

ClusterRole, ClusterRoleBinding, CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, Role, RoleBinding, ServiceAccount, StatefulSet

What does this control test

Check if the service account used by a workload has cluster takeover roles.
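
The following sketch of such a check is an added example, not Kubescape's own rule logic. It resolves each workload's service account to its bindings and flags roles whose rules reach secrets. The risk criterion, the function names and the sample objects are assumptions made for illustration.

```python
# Added example: simplified offline check, not Kubescape's rule logic. Assumption: a rule is
# takeover-capable if it grants read or write verbs on secrets, directly or via "*".
SECRET_VERBS = {"*", "get", "list", "watch", "create", "update", "patch"}
WORKLOADS = {"Pod", "Deployment", "StatefulSet", "DaemonSet", "ReplicaSet", "Job", "CronJob"}

def rule_is_risky(rule):
    has = lambda field, wanted: bool(set(rule.get(field, [])) & wanted)
    return (has("apiGroups", {"", "*"}) and has("resources", {"*", "secrets"})
            and has("verbs", SECRET_VERBS))

def pod_spec(obj):
    spec = obj.get("spec", {})
    if obj["kind"] == "CronJob":  # CronJob nests the pod template one level deeper
        spec = spec.get("jobTemplate", {}).get("spec", {})
    return spec if obj["kind"] == "Pod" else spec.get("template", {}).get("spec", {})

def find_risky_workloads(objs):
    ns_of = lambda o: o["metadata"].get("namespace", "default")
    roles = {(o["kind"], ns_of(o) if o["kind"] == "Role" else None, o["metadata"]["name"]):
             o.get("rules", []) for o in objs if o["kind"] in ("Role", "ClusterRole")}
    bindings = [o for o in objs if o["kind"] in ("RoleBinding", "ClusterRoleBinding")]
    findings = []
    for w in (o for o in objs if o["kind"] in WORKLOADS):
        sa = pod_spec(w).get("serviceAccountName", "default")  # unset means "default"
        for b in bindings:
            ref = b["roleRef"]  # a Role is looked up in the binding's namespace
            key = (ref["kind"], ns_of(b) if ref["kind"] == "Role" else None, ref["name"])
            bound = any(s.get("kind") == "ServiceAccount" and s.get("name") == sa
                        and s.get("namespace", ns_of(b)) == ns_of(w)
                        for s in b.get("subjects", []))
            if bound and any(rule_is_risky(r) for r in roles.get(key, [])):
                findings.append((w["kind"], w["metadata"]["name"], sa, ref["name"]))
    return findings

# Constructed sample objects; every name is made up.
SAMPLE = [
    {"kind": "ClusterRole", "metadata": {"name": "ops-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ci-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "ops-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci-runner", "namespace": "build"}]},
    {"kind": "Deployment", "metadata": {"name": "runner", "namespace": "build"},
     "spec": {"template": {"spec": {"serviceAccountName": "ci-runner"}}}},
    {"kind": "Role", "metadata": {"name": "cm-reader", "namespace": "web"},
     "rules": [{"apiGroups": [""], "resources": ["configmaps"], "verbs": ["get"]}]},
    {"kind": "RoleBinding", "metadata": {"name": "web-cm", "namespace": "web"},
     "roleRef": {"kind": "Role", "name": "cm-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "web", "namespace": "web"}]},
    {"kind": "Deployment", "metadata": {"name": "frontend", "namespace": "web"},
     "spec": {"template": {"spec": {"serviceAccountName": "web"}}}},
]
```

Calling find_risky_workloads(SAMPLE) reports only the runner Deployment, whose service account is bound to the wildcard ClusterRole. The frontend Deployment, limited to reading configmaps, is not reported.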

Remediation

Apply the principle of least privilege. Make sure each service account has only the permissions that are absolutely necessary.

Example

No example