Property
Language: terraform
Severity: critical
Vulnerability Type: omission

Description

A Kubernetes role is configured to allow all possible actions (‘verbs’) on all resources by using wildcards. This overly broad permission grants unrestricted access, violating the principle of least privilege.

Impact

If exploited, an attacker or compromised user could perform any action on any resource within the cluster, including deleting, modifying, or exposing sensitive data and configurations, potentially leading to full cluster compromise and service disruption.

Resolution

Create a role that does not permit a wildcard verb on a wildcard resource.
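
The flagged pattern next to a least-privilege replacement, as an added example that is not part of the original rule documentation. It assumes the HashiCorp Kubernetes provider's `kubernetes_role` resource; all role names, the namespace, and the chosen resources and verbs are constructed for illustration.

```terraform
# Non-compliant: every verb on every resource in every API group.
# This is the wildcard-on-wildcard combination the rule reports.
resource "kubernetes_role" "wildcard_example" {
  metadata {
    name      = "wildcard-example"  # constructed name
    namespace = "example-namespace" # constructed namespace
  }

  rule {
    api_groups = ["*"]
    resources  = ["*"]
    verbs      = ["*"]
  }
}

# Compliant: each rule names the API group, the resources and the verbs
# the workload actually needs, so nothing else in the namespace is reachable.
resource "kubernetes_role" "scoped_example" {
  metadata {
    name      = "scoped-example"    # constructed name
    namespace = "example-namespace" # constructed namespace
  }

  # Read-only access to pods in the core ("") API group.
  rule {
    api_groups = [""]
    resources  = ["pods"]
    verbs      = ["get", "list", "watch"]
  }

  # Read-only access to deployments in the "apps" API group.
  rule {
    api_groups = ["apps"]
    resources  = ["deployments"]
    verbs      = ["get", "list"]
  }
}
```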