system:authenticate group access binding
Description
Binding the `system:authenticated` group to any Kubernetes Role or ClusterRole grants every authenticated user the permissions of that role, which exposes sensitive actions to a broad audience. This misconfiguration undermines role-based access control by enabling privilege escalation.
Impact
If exploited, any authenticated user could gain elevated permissions within the cluster, potentially leading to unauthorized access, modification, or deletion of resources, data breaches, and full cluster compromise.
Resolution
Remove the `system:authenticated` group from the subjects of the ClusterRoleBinding or RoleBinding.
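
One way to find the bindings to fix is to scan exported binding objects for a `Group` subject named `system:authenticated`. This is an added example, not the rule's own implementation; the function name, the `ignore` parameter and the sample objects are assumptions made for illustration.

```python
import json

BINDING_KINDS = {"RoleBinding", "ClusterRoleBinding"}
GROUP = "system:authenticated"

def find_group_bindings(doc, ignore=()):
    """Return (kind, namespace, name, role) for every RoleBinding or
    ClusterRoleBinding whose subjects include the system:authenticated group."""
    items = doc.get("items") or [doc]  # a List from `-o json`, or one object
    findings = []
    for obj in items:
        meta = obj.get("metadata", {})
        if obj.get("kind") not in BINDING_KINDS or meta.get("name") in ignore:
            continue
        # "subjects" can be missing or null on a binding with no subjects.
        for subject in obj.get("subjects") or []:
            if subject.get("kind") == "Group" and subject.get("name") == GROUP:
                findings.append((obj["kind"], meta.get("namespace", ""),
                                 meta.get("name", ""),
                                 obj.get("roleRef", {}).get("name", "")))
                break
    return findings

# Constructed sample in the shape of
# `kubectl get clusterrolebindings,rolebindings -A -o json`; all names are made up.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "ClusterRoleBinding", "metadata": {"name": "everyone-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
 {"kind": "RoleBinding", "metadata": {"name": "ci-edit", "namespace": "build"},
  "roleRef": {"kind": "ClusterRole", "name": "edit"},
  "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "build"}]},
 {"kind": "RoleBinding", "metadata": {"name": "all-view", "namespace": "shop"},
  "roleRef": {"kind": "Role", "name": "viewer"},
  "subjects": [{"kind": "User", "name": "alice"},
               {"kind": "Group", "name": "system:authenticated"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "system:discovery"},
  "roleRef": {"kind": "ClusterRole", "name": "system:discovery"},
  "subjects": [{"kind": "Group", "name": "system:authenticated"}]}
]}
""")

# Assumption: stock Kubernetes ships these discovery bindings for the group;
# pass them as `ignore` only if your policy accepts them.
DEFAULT_BINDINGS = {"system:basic-user", "system:discovery",
                    "system:public-info-viewer"}

if __name__ == "__main__":
    for finding in find_group_bindings(SAMPLE, ignore=DEFAULT_BINDINGS):
        print("binds system:authenticated:", finding)
```

The group can appear alongside other subjects, as in the constructed `all-view` binding, so removing only that subject entry keeps the remaining grants intact.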