
Security: Least Privilege Violation - Roles with Unnecessary Access #15

Open
pete-rai opened this issue Dec 16, 2022 · 0 comments
Labels: enhancement (New feature or request), pen-test

Comments

pete-rai (Collaborator) commented Dec 16, 2022

During pen-testing the following issue was identified:

During testing, Synopsys observed that the eks.privileged PodSecurityPolicy was implemented cluster-wide. This functionally "flattens" the cluster from an authorization perspective, removing the potential to limit operational privileges for deployed (and/or compromised) workloads running atop the cluster.

This in turn makes it trivial to perform potentially dangerous operations such as attempting to deploy privileged containers, access secrets, host resources, and other resources within the cluster (and potentially underlying cloud infrastructure).

This issue is kept here for reference only. There is no intention to fix this right now. Please see the statement about the security profile of these deployment charts. https://github.com/bit-broker/charts/blob/main/INFO.md#security-profile

pete-rai added the enhancement and pen-test labels Dec 16, 2022
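As an added example (not code from the bit-broker/charts project or from the issue author), the following Python audits a PodSecurityPolicy spec and its RBAC binding for the two halves of the finding above: a policy permissive enough to remove the container boundary, and a binding that hands that policy to every authenticated identity, which is what makes it "cluster-wide". The manifests are constructed samples embedded as dicts so the script runs offline: the permissive one mirrors the shape of the EKS default eks.privileged policy, the restricted one is a baseline for comparison, and the ClusterRole/ClusterRoleBinding names are an assumption modelled on EKS defaults. PodSecurityPolicy was removed in Kubernetes 1.25; the same settings map onto the Pod Security Admission `privileged`/`restricted` levels, so the checks remain useful for reviewing a cluster's posture.

```python
"""Audit a PodSecurityPolicy and its RBAC binding for cluster-wide "flattening".

Added example, not project code. All manifests below are constructed samples.
"""
from typing import Any, Dict, List, Tuple

Finding = Tuple[str, str]  # (spec field, why it matters)

# Constructed sample mirroring the permissive shape of the EKS default eks.privileged PSP.
EKS_PRIVILEGED_SAMPLE: Dict[str, Any] = {
    "apiVersion": "policy/v1beta1",
    "kind": "PodSecurityPolicy",
    "metadata": {"name": "eks.privileged"},
    "spec": {
        "privileged": True,
        "allowPrivilegeEscalation": True,
        "allowedCapabilities": ["*"],
        "volumes": ["*"],
        "hostNetwork": True,
        "hostPorts": [{"min": 0, "max": 65535}],
        "hostIPC": True,
        "hostPID": True,
        "runAsUser": {"rule": "RunAsAny"},
    },
}

# Constructed restrictive baseline for comparison.
RESTRICTED_SAMPLE: Dict[str, Any] = {
    "apiVersion": "policy/v1beta1",
    "kind": "PodSecurityPolicy",
    "metadata": {"name": "restricted"},
    "spec": {
        "privileged": False,
        "allowPrivilegeEscalation": False,
        "requiredDropCapabilities": ["ALL"],
        "volumes": ["configMap", "emptyDir", "projected", "secret", "downwardAPI", "persistentVolumeClaim"],
        "hostNetwork": False,
        "hostIPC": False,
        "hostPID": False,
        "runAsUser": {"rule": "MustRunAsNonRoot"},
    },
}

# Constructed RBAC pair modelled on the EKS defaults (object names are an assumption).
PSP_USE_ROLE: Dict[str, Any] = {
    "kind": "ClusterRole",
    "metadata": {"name": "eks:podsecuritypolicy:privileged"},
    "rules": [{"apiGroups": ["policy"], "resources": ["podsecuritypolicies"],
               "verbs": ["use"], "resourceNames": ["eks.privileged"]}],
}
PSP_USE_BINDING: Dict[str, Any] = {
    "kind": "ClusterRoleBinding",
    "metadata": {"name": "eks:podsecuritypolicy:authenticated"},
    "roleRef": {"kind": "ClusterRole", "name": "eks:podsecuritypolicy:privileged"},
    "subjects": [{"kind": "Group", "name": "system:authenticated"}],
}

HOST_NAMESPACE_FLAGS = ("hostNetwork", "hostIPC", "hostPID")
BROAD_GROUPS = {"system:authenticated", "system:serviceaccounts"}  # "everyone" groups


def audit_psp(psp: Dict[str, Any]) -> List[Finding]:
    """Return the spec settings that let an admitted pod escape its container boundary."""
    spec = psp.get("spec", {})
    findings: List[Finding] = []
    if spec.get("privileged"):
        findings.append(("privileged", "privileged containers get full device and kernel access"))
    if spec.get("allowPrivilegeEscalation", True):  # PSP defaults this to true when unset
        findings.append(("allowPrivilegeEscalation", "processes may gain privileges at runtime"))
    if "*" in spec.get("allowedCapabilities", []):
        findings.append(("allowedCapabilities", "any Linux capability may be added"))
    volumes = spec.get("volumes", [])
    if "*" in volumes or "hostPath" in volumes:
        findings.append(("volumes", "hostPath mounts expose the node filesystem"))
    for flag in HOST_NAMESPACE_FLAGS:
        if spec.get(flag):
            findings.append((flag, "pod shares the node's namespace"))
    if any(r.get("min") == 0 and r.get("max") == 65535 for r in spec.get("hostPorts", [])):
        findings.append(("hostPorts", "pods may bind any port on the node"))
    if spec.get("runAsUser", {}).get("rule") == "RunAsAny":
        findings.append(("runAsUser", "containers may run as uid 0"))
    return findings


def grants_psp_cluster_wide(binding: Dict[str, Any], role: Dict[str, Any], psp_name: str) -> bool:
    """True if a ClusterRoleBinding hands `use` on psp_name to every authenticated identity."""
    if binding.get("kind") != "ClusterRoleBinding":
        return False
    if binding.get("roleRef", {}).get("name") != role.get("metadata", {}).get("name"):
        return False
    allows_use = False
    for rule in role.get("rules", []):
        names = rule.get("resourceNames")  # absent resourceNames means every PSP
        if ("podsecuritypolicies" in rule.get("resources", []) and "use" in rule.get("verbs", [])
                and (not names or psp_name in names)):
            allows_use = True
    broad = any(s.get("kind") == "Group" and s.get("name") in BROAD_GROUPS
                for s in binding.get("subjects", []))
    return allows_use and broad


def flattens_cluster(psp: Dict[str, Any], role: Dict[str, Any], binding: Dict[str, Any]) -> bool:
    """The finding needs both: a permissive policy and a binding that gives it to everyone."""
    name = psp.get("metadata", {}).get("name", "")
    return bool(audit_psp(psp)) and grants_psp_cluster_wide(binding, role, name)


if __name__ == "__main__":
    for policy in (EKS_PRIVILEGED_SAMPLE, RESTRICTED_SAMPLE):
        print(policy["metadata"]["name"], "flattens cluster:",
              flattens_cluster(policy, PSP_USE_ROLE, PSP_USE_BINDING))
        for field, why in audit_psp(policy):
            print("  ", field, "-", why)
```

Feeding the script real objects is a matter of piping `kubectl get psp,clusterrole,clusterrolebinding -o json` through `json.load` and calling the same functions; the dict shapes above are the ones the API server returns.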