User with admin access
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | misconfiguration |
Description
Granting users or service accounts the ‘cluster-admin’, ‘admin’, or ‘edit’ roles gives them broad, largely unrestricted permissions in the Kubernetes cluster, violating the principle of least privilege.
Impact
If exploited, users with these elevated roles can perform sensitive actions such as modifying or deleting cluster resources, potentially leading to unauthorized access, data loss, or full cluster compromise.
Resolution
Remove the RoleBinding or ClusterRoleBinding that grants the ‘cluster-admin’, ‘admin’ or ‘edit’ ClusterRole to the user or service account.
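As an added check that is not part of this rule's page, the following Python script lists every subject bound to one of these three ClusterRoles; it is written to consume the JSON produced by `kubectl get clusterrolebindings,rolebindings -A -o json`, and the sample bindings embedded below are constructed for illustration.

```python
import json

# The built-in ClusterRoles this rule flags.
OVERLY_BROAD_ROLES = {"cluster-admin", "admin", "edit"}

# Constructed sample shaped like the output of
# `kubectl get clusterrolebindings,rolebindings -A -o json`.
SAMPLE_BINDINGS = json.dumps({
    "kind": "List",
    "items": [
        {
            "kind": "ClusterRoleBinding",
            "metadata": {"name": "ci-deployer-admin"},
            "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
            "subjects": [{"kind": "ServiceAccount", "name": "ci-deployer", "namespace": "ci"}],
        },
        {
            "kind": "RoleBinding",
            "metadata": {"name": "dev-edit", "namespace": "dev"},
            "roleRef": {"kind": "ClusterRole", "name": "edit"},
            "subjects": [{"kind": "User", "name": "alice@example.com"}],
        },
        {
            "kind": "RoleBinding",
            "metadata": {"name": "dev-readonly", "namespace": "dev"},
            "roleRef": {"kind": "ClusterRole", "name": "view"},
            "subjects": [{"kind": "Group", "name": "developers"}],
        },
    ],
})


def find_broad_bindings(bindings_json: str) -> list[dict]:
    """Return one finding per subject bound to cluster-admin, admin or edit."""
    findings = []
    for item in json.loads(bindings_json).get("items", []):
        role_ref = item.get("roleRef", {})
        # Only ClusterRoles carry the built-in broad roles; a namespaced Role
        # that happens to be named "admin" is a different, custom object.
        if role_ref.get("kind") != "ClusterRole" or role_ref.get("name") not in OVERLY_BROAD_ROLES:
            continue
        meta = item.get("metadata", {})
        for subject in item.get("subjects") or []:  # "subjects" may be absent
            findings.append({
                "binding": f"{item['kind']}/{meta.get('name')}",
                "namespace": meta.get("namespace", "<cluster-wide>"),
                "role": role_ref["name"],
                "subject": f"{subject.get('kind')}/{subject.get('name')}",
            })
    return findings


if __name__ == "__main__":
    for f in find_broad_bindings(SAMPLE_BINDINGS):
        print(f"{f['binding']} ({f['namespace']}): {f['subject']} -> {f['role']}")
```

Each finding names the binding to remove; the `view` binding is left alone because it grants read-only access.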