cloudflare-operator :: RBAC ATLAS

Description

Helm chart for Cloudflare Operator

Overview

Identity	Namespace	Automount	Secrets	Permissions	Workloads	Risk
`cloudflare-operator`	default	❌	—	15	1	Critical

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.

Identities

🤖 `cloudflare-operator`

Namespace: default | Automount: ❌

🔑 Permissions (15)

Role	Resource	Verbs	Risk	Tags
ClusterRole `cloudflare-operator`	core/secrets	get · list · watch	Critical	ClusterWideSecretAccess CredentialAccess DataExposure InformationDisclosure SecretAccess
ClusterRole `cloudflare-operator`	cloudflare-operator.io/accounts	create · delete · get · list · patch · update · watch	Low
ClusterRole `cloudflare-operator`	cloudflare-operator.io/accounts/finalizers	update	Low
ClusterRole `cloudflare-operator`	cloudflare-operator.io/accounts/status	get · patch · update	Low
ClusterRole `cloudflare-operator`	cloudflare-operator.io/dnsrecords	create · delete · get · list · patch · update · watch	Low
ClusterRole `cloudflare-operator`	cloudflare-operator.io/dnsrecords/finalizers	update	Low
ClusterRole `cloudflare-operator`	cloudflare-operator.io/dnsrecords/status	get · patch · update	Low
ClusterRole `cloudflare-operator`	networking.k8s.io/ingresses	get · list · watch	Low
ClusterRole `cloudflare-operator`	networking.k8s.io/ingresses/finalizers	update	Low
ClusterRole `cloudflare-operator`	cloudflare-operator.io/ips	create · delete · get · list · patch · update · watch	Low
ClusterRole `cloudflare-operator`	cloudflare-operator.io/ips/finalizers	update	Low
ClusterRole `cloudflare-operator`	cloudflare-operator.io/ips/status	get · patch · update	Low
ClusterRole `cloudflare-operator`	cloudflare-operator.io/zones	create · delete · get · list · patch · update · watch	Low
ClusterRole `cloudflare-operator`	cloudflare-operator.io/zones/finalizers	update	Low
ClusterRole `cloudflare-operator`	cloudflare-operator.io/zones/status	get · patch · update	Low

⚠️ Potential Abuse (3)

The following security risks were found based on the above permissions:

📦 Workloads (1)

Kind	Name	Container	Image
Deployment	cloudflare-operator	cloudflare-operator	ghcr.io/containeroo/cloudflare-operator:v1.5.1

cloudflare-operator

Description

Overview

Identities

🤖 cloudflare-operator

🔑 Permissions (15)

⚠️ Potential Abuse (3)

📦 Workloads (1)

🤖 `cloudflare-operator`