Improper Access Control
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Kubernetes cluster is not configured to use Google Groups for managing RBAC users, which means user access is handled individually rather than through group-based controls. This makes it harder to manage permissions and increases the risk of unauthorized access.
Impact
Without Google Groups integration, access control becomes error-prone and harder to audit, potentially allowing users to retain or gain permissions they shouldn’t have. This can lead to privilege escalation, unauthorized actions within the cluster, and compliance issues.
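
One way to audit for this condition, as an added example (not part of the original rule page or of any scanner's own code): the Python below checks a cluster description for `authenticatorGroupsConfig` and lists RBAC bindings that grant roles to individual users instead of groups. The input shapes follow the GKE API Cluster resource and Kubernetes binding objects; the cluster names, domain and bindings are constructed sample data, and the function names are hypothetical.

```python
import re

# GKE expects the RBAC security group to be named gke-security-groups@<domain>.
SECURITY_GROUP_RE = re.compile(r"^gke-security-groups@[a-z0-9-]+(\.[a-z0-9-]+)+$", re.I)

def audit_cluster(cluster):
    """Findings for one cluster dict shaped like the GKE API Cluster resource."""
    cfg = cluster.get("authenticatorGroupsConfig") or {}
    if not cfg.get("enabled"):
        return ["Google Groups for RBAC is not enabled"]
    group = cfg.get("securityGroup") or ""
    if not SECURITY_GROUP_RE.match(group):
        return [f"unexpected securityGroup value: {group!r}"]
    return []

def individual_grants(bindings):
    """(binding, role, user) for each human user bound directly instead of via a Group."""
    hits = []
    for b in bindings:
        for s in b.get("subjects") or []:
            # "system:" users are Kubernetes components, not people.
            if s.get("kind") == "User" and not s.get("name", "").startswith("system:"):
                hits.append((b["metadata"]["name"], b["roleRef"]["name"], s["name"]))
    return hits

# Constructed sample data (names and domain are placeholders).
CLUSTERS = [
    {"name": "dev", "authenticatorGroupsConfig": {}},
    {"name": "prod", "authenticatorGroupsConfig": {
        "enabled": True, "securityGroup": "gke-security-groups@example.com"}},
    {"name": "stage", "authenticatorGroupsConfig": {
        "enabled": True, "securityGroup": "admins@example.com"}},
]
BINDINGS = [
    {"metadata": {"name": "alice-admin"}, "roleRef": {"name": "cluster-admin"},
     "subjects": [{"kind": "User", "name": "alice@example.com"}]},
    {"metadata": {"name": "platform-admins"}, "roleRef": {"name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "platform-admins@example.com"}]},
    {"metadata": {"name": "scheduler"}, "roleRef": {"name": "system:kube-scheduler"},
     "subjects": [{"kind": "User", "name": "system:kube-scheduler"}]},
]

if __name__ == "__main__":
    for c in CLUSTERS:
        for finding in audit_cluster(c):
            print(f"{c['name']}: {finding}")
    for name, role, user in individual_grants(BINDINGS):
        print(f"binding {name}: {role} granted directly to {user}")
```

Feed it the JSON form of the cluster description and of the cluster's RoleBinding and ClusterRoleBinding objects to get the same findings for a real environment.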