Do not allow impersonation of privileged groups
| Property | |
|---|---|
| Language | |
| Severity | |
Description
Roles are configured to allow impersonation of privileged groups, enabling users to assume high-level permissions they were not intended to have. This misconfiguration bypasses intended access controls and violates least privilege principles.
Impact
If exploited, attackers or unauthorized users could gain privileged access, perform administrative actions, escalate their privileges, or compromise sensitive resources within the Kubernetes cluster, leading to a potential full cluster takeover or severe data breaches.
Resolution
Create a role that does not permit impersonation of privileged groups unless it is needed.
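
One way to check Role and ClusterRole manifests for this misconfiguration, as an added example that is not this rule's own implementation. It assumes `system:masters` is the privileged group of interest and treats a rule without `resourceNames` as allowing impersonation of any group; the function names and sample manifests are constructed for illustration.

```python
import json

# Assumption: groups treated as privileged. system:masters is the built-in
# group with unrestricted cluster access; extend the set for your cluster.
PRIVILEGED_GROUPS = {"system:masters"}

def _matches(values, wanted):
    """True if an RBAC rule field lists `wanted` or the '*' wildcard."""
    return any(v in ("*", wanted) for v in values or [])

def risky_rules(role, privileged=PRIVILEGED_GROUPS):
    """Return (rule index, reason) for rules allowing privileged-group impersonation."""
    findings = []
    for i, rule in enumerate(role.get("rules") or []):
        # Group impersonation = verb "impersonate" on "groups" in the core API group "".
        if not (_matches(rule.get("verbs"), "impersonate")
                and _matches(rule.get("resources"), "groups")
                and _matches(rule.get("apiGroups"), "")):
            continue
        names = rule.get("resourceNames") or []
        hit = sorted(set(names) & set(privileged))
        if not names:
            # No resourceNames: every group, privileged ones included.
            findings.append((i, "any group (no resourceNames)"))
        elif hit:
            findings.append((i, "privileged group(s): " + ", ".join(hit)))
    return findings

def scan(roles):
    """Map role name -> findings, only for roles with at least one finding."""
    return {r["metadata"]["name"]: f for r in roles if (f := risky_rules(r))}

# Constructed sample manifests in the JSON form of Role/ClusterRole objects.
SAMPLE = json.loads("""
[
 {"kind": "ClusterRole", "metadata": {"name": "ci-impersonator"},
  "rules": [{"apiGroups": [""], "resources": ["groups"], "verbs": ["impersonate"],
             "resourceNames": ["system:masters"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "support-wildcard"},
  "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "dev-impersonator"},
  "rules": [{"apiGroups": [""], "resources": ["groups"], "verbs": ["impersonate"],
             "resourceNames": ["developers"]}]},
 {"kind": "Role", "metadata": {"name": "pod-reader", "namespace": "demo"},
  "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]}
]
""")

if __name__ == "__main__":
    for name, found in scan(SAMPLE).items():
        print(name, found)
```

The `dev-impersonator` role shows the shape the resolution asks for: impersonation is still possible, but `resourceNames` limits it to a named non-privileged group.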