lacework-global-746

Minimize wildcard use in Roles (Automated)

Description

Kubernetes Roles provide access to resources based on sets of objects and actions that you can take on those objects. It is possible to set either of these to be the wildcard "*", which matches all items. Use of wildcards is not optimal from a security perspective as it may grant inadvertent access when adding new resources to the Kubernetes API either as CRDs or in later versions of the product.

Remediation

Where possible replace any use of wildcards in roles with specific objects or actions.

References

https://kubernetes.io/docs/reference/access-authn-authz/rbac/

Minimize wildcard use in Roles (Automated)​

Description​

Remediation​

References​

Minimize wildcard use in Roles (Automated)

Description

Remediation

References