Improper Privilege Management
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-269: Improper Privilege Management |
| OWASP | A05:2021 - Security Misconfiguration |
| Confidence Level | High |
| Impact Level | High |
| Likelihood Level | Medium |
Description
The ClusterRole uses the wildcard ('*') for both resources and verbs within the Kubernetes core API group (apiGroups: [""]). In RBAC a '*' resource entry matches every resource and subresource in that group (pods, pods/exec, secrets, serviceaccounts, nodes, and so on) and a '*' verb entry matches every verb, so the rule effectively grants unrestricted access to the core API. Any subject bound to this ClusterRole, whether through a ClusterRoleBinding (cluster-wide) or a namespaced RoleBinding, can perform any action on those resources.
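The check below is an added example, not part of this rule page or of any scanner's own code. It takes ClusterRole objects in the JSON shape that `kubectl get clusterrole -o json` returns, flags every rule field that contains the '*' wildcard, and rates a rule that wildcards both resources and verbs (the shape this page describes) as unrestricted. The two sample roles, `everything-in-core` and `pod-log-reader`, are constructed for the example: the first is the over-privileged pattern, the second a least-privilege replacement that grants only the verbs and resources a log-reading workload needs.

```python
"""Flag wildcard RBAC rules in ClusterRole objects (CWE-269 check).

Constructed sample input only; nothing here is taken from a real cluster.
"""

WILDCARD = "*"

# Over-privileged shape from the rule description: every resource and every
# verb in the core API group ("" is the core group in RBAC).
OVERPRIVILEGED = {
    "apiVersion": "rbac.authorization.k8s.io/v1",
    "kind": "ClusterRole",
    "metadata": {"name": "everything-in-core"},
    "rules": [{"apiGroups": [""], "resources": ["*"], "verbs": ["*"]}],
}

# Least-privilege replacement: name the resources, subresources and verbs
# explicitly. Reading pod logs needs nothing beyond this.
LEAST_PRIVILEGE = {
    "apiVersion": "rbac.authorization.k8s.io/v1",
    "kind": "ClusterRole",
    "metadata": {"name": "pod-log-reader"},
    "rules": [
        {
            "apiGroups": [""],
            "resources": ["pods", "pods/log"],
            "verbs": ["get", "list", "watch"],
        }
    ],
}


def is_unrestricted(rule: dict) -> bool:
    """True when one rule matches every resource with every verb.

    nonResourceURLs rules have no "resources" key and are never unrestricted
    in this sense, so the .get() default keeps them out.
    """
    return WILDCARD in rule.get("resources", []) and WILDCARD in rule.get("verbs", [])


def wildcard_findings(role: dict) -> list[str]:
    """Return one message per rule field that uses the '*' wildcard."""
    name = role["metadata"]["name"]
    findings = []
    for i, rule in enumerate(role.get("rules", [])):
        for field in ("apiGroups", "resources", "verbs"):
            if WILDCARD in rule.get(field, []):
                findings.append(f"{name}: rules[{i}].{field} is '*'")
        if is_unrestricted(rule):
            findings.append(f"{name}: rules[{i}] grants every verb on every resource")
    return findings


def report(role_list: dict) -> dict[str, list[str]]:
    """Map each offending ClusterRole name to its findings.

    `role_list` is the List object kubectl emits ({"items": [...]}); roles
    without wildcard usage are omitted from the result.
    """
    out = {}
    for role in role_list.get("items", []):
        findings = wildcard_findings(role)
        if findings:
            out[role["metadata"]["name"]] = findings
    return out


if __name__ == "__main__":
    # Stand-in for: kubectl get clusterroles -o json | python3 this_script.py
    sample = {"items": [OVERPRIVILEGED, LEAST_PRIVILEGE]}
    for role_name, msgs in report(sample).items():
        for msg in msgs:
            print(msg)
```

Feed the script real data with `kubectl get clusterroles -o json` and pass the parsed object to `report`. Expect hits on built-in roles such as `cluster-admin`; the point of the check is to find wildcard grants that are bound to workloads or users that do not need them, so follow up by listing the bindings for each flagged role.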
Impact
An attacker who obtains the credentials of any subject bound to this role (for example a compromised pod's service account token or a leaked kubeconfig) can read, modify, or delete any core-group resource: read every Secret and the credentials it holds, create, exec into, or delete pods, and alter nodes and service accounts. That is enough to disrupt workloads, expose sensitive data, or take full control of the cluster. A grant this broad removes the security boundaries RBAC is meant to provide and increases the risk of both accidental and malicious misuse.