Legacy ABAC permissions are enabled.
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | gke |
| Provider | |
| Vulnerability Type | misconfiguration |
Description
The configuration enables legacy Attribute-Based Access Control (ABAC) in GKE clusters, which relies on broad, attribute-based permissions rather than the more secure, fine-grained Role-Based Access Control (RBAC). This increases the risk of granting excessive privileges to users or services.
Impact
If exploited, attackers or unauthorized users could obtain permissions beyond what is necessary, potentially leading to unauthorized access, privilege escalation, or compromise of cluster resources and sensitive data.
Resolution
Switch to using RBAC permissions.
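One way to find clusters that still have legacy ABAC enabled before switching them to RBAC. This is an added example, not part of the original check or its project. It assumes the input is JSON shaped like the output of `gcloud container clusters list --format=json`; the cluster names and locations are constructed.

```python
import json

# Constructed sample shaped like `gcloud container clusters list --format=json`
# output (GKE API Cluster resources). Names and locations are made up.
SAMPLE_CLUSTERS_JSON = """
[
  {"name": "prod-a", "location": "us-central1", "legacyAbac": {"enabled": true}},
  {"name": "prod-b", "location": "europe-west1", "legacyAbac": {}},
  {"name": "dev-c", "location": "us-east1-b"},
  {"name": "dev-d", "location": "us-east1-b", "legacyAbac": {"enabled": false}},
  {"name": "dev-e", "location": "us-east1-b", "legacyAbac": null}
]
"""


def legacy_abac_enabled(cluster):
    """Return True only when legacyAbac.enabled is explicitly true.

    A missing, null or empty legacyAbac object is treated as disabled,
    since default-valued fields are commonly omitted from JSON output.
    """
    abac = cluster.get("legacyAbac") or {}
    return abac.get("enabled") is True


def audit(clusters_json):
    """Return one finding per cluster that still has legacy ABAC enabled."""
    findings = []
    for cluster in json.loads(clusters_json):
        if not legacy_abac_enabled(cluster):
            continue
        name = cluster.get("name", "<unknown>")
        location = cluster.get("location", "<unknown>")
        findings.append({
            "cluster": name,
            "location": location,
            # Remediation: disable the legacy authorizer so RBAC decides access.
            "fix": f"gcloud container clusters update {name} "
                   f"--location {location} --no-enable-legacy-authorization",
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CLUSTERS_JSON):
        print(f"{f['cluster']} ({f['location']}): legacy ABAC enabled -> {f['fix']}")
```

Before disabling ABAC on a flagged cluster, confirm that the users and service accounts relying on it have equivalent RBAC role bindings, otherwise their requests will start being denied.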