2 Service Accounts
1 Workloads
58 Bindings
2 Medium
56 Low
Description
The Dynatrace Operator Helm chart for Kubernetes and OpenShift
Overview
| Identity | Namespace | Automount | Secrets | Permissions | Workloads | Risk |
|---|---|---|---|---|---|---|
| dynatrace-kubernetes-monitoring | default | ❌ | — | 57 | 0 | Medium |
| dynatrace-operator | default | ❌ | — | 1 | 1 | Low |
Numbers in the Permissions and Workloads columns indicate how many bindings or workloads involve each ServiceAccount.
Identities
🤖 dynatrace-kubernetes-monitoring
Namespace: default | Automount: ❌
🔑 Permissions (57)
| Role | Resource | Verbs | Risk | Tags |
|---|---|---|---|---|
| ClusterRole dynatrace-kubernetes-monitoring | core/events | get · list · watch | Medium | InformationDisclosure OperationalData Reconnaissance |
| ClusterRole dynatrace-kubernetes-monitoring | core/resourcequotas | get · list · watch | Medium | InformationDisclosure QuotaTampering Reconnaissance ResourceConfiguration |
| ClusterRole dynatrace-kubernetes-monitoring | apps/cronjobs | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | apps.openshift.io/cronjobs | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | batch/cronjobs | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | core/cronjobs | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | apps/daemonsets | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | apps.openshift.io/daemonsets | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | batch/daemonsets | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | core/daemonsets | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | apps/deploymentconfigs | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | apps.openshift.io/deploymentconfigs | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | batch/deploymentconfigs | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | core/deploymentconfigs | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | apps/deployments | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | apps.openshift.io/deployments | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | batch/deployments | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | core/deployments | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | apps/events | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | apps.openshift.io/events | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | batch/events | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | apps/jobs | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | apps.openshift.io/jobs | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | batch/jobs | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | core/jobs | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | apps/namespaces | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | apps.openshift.io/namespaces | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | batch/namespaces | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | core/namespaces | get · list · watch | Low | ClusterStructure InformationDisclosure Reconnaissance |
| ClusterRole dynatrace-kubernetes-monitoring | apps/nodes | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | apps.openshift.io/nodes | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | batch/nodes | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | core/nodes | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | apps/pods | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | apps.openshift.io/pods | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | batch/pods | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | core/pods | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | apps/pods/proxy | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | apps.openshift.io/pods/proxy | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | batch/pods/proxy | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | core/pods/proxy | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | apps/replicasets | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | apps.openshift.io/replicasets | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | batch/replicasets | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | core/replicasets | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | apps/replicationcontrollers | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | apps.openshift.io/replicationcontrollers | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | batch/replicationcontrollers | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | core/replicationcontrollers | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | apps/resourcequotas | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | apps.openshift.io/resourcequotas | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | batch/resourcequotas | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | apps/statefulsets | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | apps.openshift.io/statefulsets | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | batch/statefulsets | get · list · watch | Low | |
| ClusterRole dynatrace-kubernetes-monitoring | core/statefulsets | get · list · watch | Low | |
| Role dynatrace-kubernetes-monitoring | policy/podsecuritypolicies (restricted to: dynatrace-kubernetes-monitoring) | use | Low | ResourceNameRestricted |
⚠️ Potential Abuse (5)
The following security risks were found based on the above permissions:
- Read events cluster-wide
- List Namespaces (Cluster Reconnaissance)
- Read ResourceQuotas (Namespace Information Disclosure)
- Read All ResourceQuotas (Cluster-wide Information Disclosure)
📦 Workloads (0)
No workloads use this ServiceAccount.
🤖 dynatrace-operator
Namespace: default | Automount: ❌
🔑 Permissions (1)
| Role | Resource | Verbs | Risk | Tags |
|---|---|---|---|---|
| ClusterRole dynatrace-operator | core/namespaces (restricted to: kube-system) | get · list · watch | Low | ClusterStructure InformationDisclosure Reconnaissance ResourceNameRestricted |
⚠️ Potential Abuse (2)
The following security risks were found based on the above permissions:
📦 Workloads (1)
| Kind | Name | Container | Image |
|---|---|---|---|
| Deployment | dynatrace-operator | dynatrace-operator | docker.io/dynatrace/dynatrace-operator:v0.1.0 |