1 Service Accounts
1 Workloads
69 Bindings
1 Critical
1 High
62 Medium
5 Low
Description
A Helm chart for EDP Codebase Operator
Overview
| Identity | Namespace | Automount | Secrets | Permissions | Workloads | Risk |
|---|---|---|---|---|---|---|
edp-codebase-operator | default | ❌ | — | 69 | 1 | Critical |
Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.
Identities
🤖 edp-codebase-operator
Namespace: default | Automount: ❌
🔑 Permissions (69)
| Role | Resource | Verbs | Risk | Tags |
|---|---|---|---|---|
Role edp-codebase-operator | coordination.k8s.io/leases | create · delete · get · list · patch · update · watch | Critical | ControlPlaneDisruption CriticalNamespace DenialOfService Tampering |
Role edp-codebase-operator | */configmaps | * | High | ConfigMapAccess DataExposure InformationDisclosure NamespaceAdmin NamespaceWideAccess (+3 more) |
Role edp-codebase-operator | */adminconsoles | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */adminconsoles/finalizers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */adminconsoles/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */cdstagedeployments | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */cdstagedeployments/finalizers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */cdstagedeployments/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */cdstagejenkinsdeployments | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */cdstagejenkinsdeployments/finalizers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */cdstagejenkinsdeployments/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */codebasebranches | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */codebasebranches/finalizers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */codebasebranches/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */codebaseimagestreams | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */codebaseimagestreams/finalizers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */codebaseimagestreams/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */codebases | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */codebases/finalizers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */codebases/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */edpcomponents | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */edpcomponents/finalizers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */edpcomponents/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */gitservers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */gitservers/finalizers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */gitservers/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */jenkins | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */jenkins/finalizers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */jenkins/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */jenkinses | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */jenkinses/finalizers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */jenkinses/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */jenkinsfolders | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */jenkinsfolders/finalizers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */jenkinsfolders/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */jenkinsjobs | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */jenkinsjobs/finalizers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */jenkinsjobs/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */jenkinsscripts | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */jenkinsscripts/finalizers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */jenkinsscripts/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */jenkinsserviceaccounts | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */jenkinsserviceaccounts/finalizers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */jenkinsserviceaccounts/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */jirafixversions | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */jirafixversions/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */jiraissuemetadatas | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */jiraissuemetadatas/finalizers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */jiraissuemetadatas/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */jiraservers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */jiraservers/finalizers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */jiraservers/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */perfdatasourcegitlabs | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */perfdatasourcegitlabs/finalizers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */perfdatasourcegitlabs/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */perfdatasourcejenkinses | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */perfdatasourcejenkinses/finalizers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */perfdatasourcejenkinses/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */perfdatasourcesonars | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */perfdatasourcesonars/finalizers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */perfdatasourcesonars/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */stages | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */stages/finalizers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | */stages/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-codebase-operator | argoproj.io/applications | get · list · patch · update · watch | Low | |
Role edp-codebase-operator | core/events | create · patch | Low | |
Role edp-codebase-operator | networking.k8s.io/ingresses | get · list · watch | Low | |
ClusterRole edp-codebase-operator-default | admissionregistration.k8s.io/validatingwebhookconfigurations | get · patch · update | Low | |
Role edp-codebase-operator | core/secrets (restricted to: edp-codebase-operator-webhook-certs) | create · get · patch · update | Low | ResourceNameRestricted |
⚠️ Potential Abuse (5)
The following security risks were found based on the above permissions:
- Read ConfigMaps in a namespace
- Modify ConfigMaps in a namespace
- Manage Leases in kube-system or kube-node-lease namespace
📦 Workloads (1)
| Kind | Name | Container | Image |
|---|---|---|---|
| Deployment | codebase-operator | codebase-operator | epamedp/codebase-operator:2.19.0 |