No wildcard verb roles
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | omission |
Description
A Kubernetes Role or ClusterRole grants the wildcard verb (`*`) on one or more resources. The wildcard matches every verb the API server accepts for those resources (get, list, watch, create, update, patch, delete, deletecollection, and resource-specific verbs such as bind and escalate on RBAC objects), so the subjects bound to the role can do far more than the workload actually needs. This violates the principle of least privilege and widens the blast radius of any compromised credential that holds the role.
Impact
If a subject bound to the role (a user, group, or service account) is compromised, the attacker can perform any operation on the covered resources: read secrets, rewrite deployments, delete workloads, or, where the wildcard covers roles and rolebindings, use the bind and escalate verbs to grant themselves further permissions. Depending on which resources are covered, the outcome ranges from data exposure and service disruption to full cluster compromise.
Resolution
Replace the wildcard with the explicit list of verbs the workload needs (for example `["get", "list", "watch"]` for a reader), scoped to the narrowest resources and namespace possible, and review the role whenever the workload's needs change. After applying the change, confirm the effective permissions of the bound subject with `kubectl auth can-i --list --as=<subject>` and check that no unintended verbs remain.
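The following is an added example, not code from the original rule page: a small Python auditor that reads the JSON printed by `kubectl get roles,clusterroles -A -o json` and reports every rule whose `verbs` list contains `*`. The embedded sample input is constructed for the example; the role names `secrets-admin` and `secrets-reader` and the namespace `payments` are assumptions, with the first role showing the weak setting and the second the corrected one.

```python
"""Find Role/ClusterRole rules that grant wildcard ('*') verbs.

Added example, not part of the original rule page. It reads the JSON that
`kubectl get roles,clusterroles -A -o json` prints (a List of RBAC objects)
and reports every rule whose `verbs` list contains "*".
"""
import json
import sys

# Constructed sample shaped like the kubectl List output (names are assumptions).
# The first Role is the weak setting (wildcard verb on secrets); the second is
# the corrected Role that enumerates only the verbs the workload needs.
SAMPLE_KUBECTL_JSON = """
{
  "apiVersion": "v1",
  "kind": "List",
  "items": [
    {
      "apiVersion": "rbac.authorization.k8s.io/v1",
      "kind": "Role",
      "metadata": {"name": "secrets-admin", "namespace": "payments"},
      "rules": [
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["*"]}
      ]
    },
    {
      "apiVersion": "rbac.authorization.k8s.io/v1",
      "kind": "Role",
      "metadata": {"name": "secrets-reader", "namespace": "payments"},
      "rules": [
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}
      ]
    }
  ]
}
"""


def wildcard_verb_rules(rbac_object):
    """Return the indexes of rules in a Role/ClusterRole whose verbs include '*'."""
    flagged = []
    for index, rule in enumerate(rbac_object.get("rules") or []):
        # `verbs` may be missing on a malformed object; treat that as no verbs.
        if "*" in (rule.get("verbs") or []):
            flagged.append(index)
    return flagged


def audit(kubectl_list):
    """Scan a kubectl List; return one finding per wildcard-verb rule.

    Each finding names the object and rule so it can be located in the
    manifest: kind, namespace ("" for a ClusterRole), name, rule index,
    and the apiGroups/resources the wildcard applies to.
    """
    findings = []
    for obj in kubectl_list.get("items") or []:
        if obj.get("kind") not in ("Role", "ClusterRole"):
            continue
        meta = obj.get("metadata") or {}
        for index in wildcard_verb_rules(obj):
            rule = obj["rules"][index]
            findings.append({
                "kind": obj["kind"],
                "namespace": meta.get("namespace", ""),
                "name": meta.get("name", ""),
                "rule_index": index,
                "apiGroups": rule.get("apiGroups") or [],
                "resources": rule.get("resources") or [],
            })
    return findings


def audit_json(text):
    """Parse kubectl JSON output and audit it."""
    return audit(json.loads(text))


def main():
    # Read real kubectl output when piped on stdin; otherwise run on the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_KUBECTL_JSON
    findings = audit_json(text)
    for f in findings:
        print(f"{f['kind']} {f['namespace']}/{f['name']}: rule {f['rule_index']} "
              f"grants verbs ['*'] on {f['resources']} (apiGroups {f['apiGroups']})")
    # Non-zero exit so the check can gate a CI pipeline.
    sys.exit(1 if findings else 0)


if __name__ == "__main__":
    main()
```

Run it as `kubectl get roles,clusterroles -A -o json | python audit_wildcard_verbs.py`; on the sample it reports only `secrets-admin` and exits non-zero. The same membership test can be applied to the `resources` and `apiGroups` lists, which accept `*` in the same way and broaden a role just as much.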