Ensure RBAC is enabled on AKS clusters
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | container |
| Provider | Azure |
| Vulnerability Type | omission |
Description
The AKS cluster is deployed without Kubernetes Role-Based Access Control (RBAC) enabled, allowing unrestricted access to cluster resources regardless of user roles or permissions. This configuration bypasses granular access control mechanisms.
Impact
Without RBAC, any authenticated user or service can perform potentially harmful operations on the cluster, such as modifying workloads, accessing sensitive data, or disrupting services. This significantly increases the risk of privilege escalation, data breaches, and unauthorized changes to the Kubernetes environment.
Resolution
Enable Kubernetes RBAC on the AKS cluster.
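The check described above can be run against live clusters and against deployment templates. The following is an added example (not code from the original page or from any scanner): it audits the JSON shape returned by `az aks list -o json` (field `enableRbac`) and the ARM resource shape `Microsoft.ContainerService/managedClusters` (field `properties.enableRBAC`), and reports every cluster where RBAC is not explicitly enabled. The cluster objects are constructed sample data.

```python
"""Audit AKS clusters for the 'RBAC disabled' omission.

Accepts either an `az aks` cluster object (boolean `enableRbac`) or an ARM
managedClusters resource (boolean `properties.enableRBAC`). A cluster is
only considered compliant when the flag is explicitly true; a missing or
non-boolean value is reported so an auditor verifies it instead of assuming.
"""
import json

# Constructed sample resembling `az aks list -o json`, trimmed to the fields used.
SAMPLE_AZ_AKS_LIST = json.dumps([
    {"name": "aks-prod", "resourceGroup": "rg-prod", "enableRbac": True},
    {"name": "aks-legacy", "resourceGroup": "rg-legacy", "enableRbac": False},
    {"name": "aks-unknown", "resourceGroup": "rg-test"},  # flag not reported
])

# Constructed sample of an ARM template resource for an AKS cluster.
SAMPLE_ARM_RESOURCE = {
    "type": "Microsoft.ContainerService/managedClusters",
    "name": "aks-from-template",
    "properties": {"enableRBAC": False, "kubernetesVersion": "1.29"},
}


def rbac_flag(cluster):
    """Return the raw RBAC flag from either JSON shape, or None if absent."""
    if "properties" in cluster:  # ARM resource shape
        return cluster["properties"].get("enableRBAC")
    return cluster.get("enableRbac")  # `az aks` output shape


def rbac_enabled(cluster):
    """True only when RBAC is explicitly enabled (strict boolean check)."""
    return rbac_flag(cluster) is True


def audit_aks_rbac(clusters):
    """Return one finding per non-compliant cluster: (resourceGroup, name, reason)."""
    findings = []
    for cluster in clusters:
        if rbac_enabled(cluster):
            continue
        flag = rbac_flag(cluster)
        reason = "RBAC disabled" if flag is False else "RBAC flag not reported"
        findings.append((cluster.get("resourceGroup"), cluster["name"], reason))
    return findings


if __name__ == "__main__":
    live = audit_aks_rbac(json.loads(SAMPLE_AZ_AKS_LIST))
    template = audit_aks_rbac([SAMPLE_ARM_RESOURCE])
    for finding in live + template:
        print("FAIL", *finding)
```

RBAC is fixed at cluster creation and cannot be switched on afterwards, so a flagged cluster has to be redeployed with RBAC enabled; checking the template shape before deployment avoids that rebuild.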