Language: terraform
Severity: critical
Vulnerability Type: omission

Description

Granting a Kubernetes ClusterRole permission to manage all resources using a wildcard ('*') gives full control over every resource in the cluster. This approach violates the principle of least privilege and allows unrestricted access.

Impact

If exploited, an attacker with this ClusterRole could gain root access on all cluster nodes, access and modify any pod, secret, or data, and potentially disrupt or take over the entire Kubernetes environment, leading to severe data breaches or service outages.
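
The wildcard grant described above, next to a scoped replacement, as an added example that is not taken from the original page. It assumes the hashicorp/kubernetes provider's `kubernetes_cluster_role` resource; the role names and the chosen resources and verbs are hypothetical and should be replaced with what the workload actually needs.

```hcl
# Flagged pattern: every API group, every resource, every verb.
# Any subject bound to this role is effectively cluster-admin.
resource "kubernetes_cluster_role" "wildcard_admin" { # hypothetical name
  metadata {
    name = "wildcard-admin"
  }

  rule {
    api_groups = ["*"]
    resources  = ["*"]
    verbs      = ["*"]
  }
}

# Scoped alternative: name the API groups, resources and verbs explicitly.
# This example role can only read pods, pod logs and deployments.
resource "kubernetes_cluster_role" "workload_reader" { # hypothetical name
  metadata {
    name = "workload-reader"
  }

  # Core API group ("") resources, read-only.
  rule {
    api_groups = [""]
    resources  = ["pods", "pods/log"]
    verbs      = ["get", "list", "watch"]
  }

  # apps API group, read-only.
  rule {
    api_groups = ["apps"]
    resources  = ["deployments"]
    verbs      = ["get", "list", "watch"]
  }
}
```

If the access is only needed in one namespace, a namespaced `kubernetes_role` with the same explicit rules narrows the grant further than any ClusterRole can.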