lacework-global-746
Minimize wildcard use in Roles (Automated)
Description
Kubernetes Roles
provide access to resources based on sets of objects and actions that you can take on those objects.
It is possible to set either of these to be the wildcard "*"
, which matches all items.
Use of wildcards is not optimal from a security perspective as it may grant inadvertent access when adding new resources to the Kubernetes API either as CRDs or in later versions of the product.
Remediation
Where possible replace any use of wildcards in roles with specific objects or actions.
References
https://kubernetes.io/docs/reference/access-authn-authz/rbac/